Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
07.23.2013 Artweaver AWD File Processing Memory Corruption Exploit Artweaver is prone to a Memory Corruption when handling a specially crafted AWD files. CVE-2013-2576 Exploits/Client Side Windows
06.13.2013 Artweaver JPG Image Processing Buffer Overflow Exploit The vulnerability is caused due to a boundary error when processing JPG image files and can be exploited to cause a stack-based buffer overflow via a specially crafted JPG image file. CVE-2013-3481 Exploits/Client Side Windows
07.04.2013 ASN.1 Bit String SPNEGO exploit Update Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 encodings that cause arbitrary heap data to be overwritten. This update modifies the runtime value for this exploit. CVE-2003-0818 Exploits/Remote Windows
06.20.2012 Asterisk HTTP Digest DoS This module triggers a stack corruption vulnerability in Asterisk by sending a malformed packet to the 8088/TCP port. CVE-2012-1184 Denial of Service/Remote Solaris, Linux
07.12.2007 Asterisk T.38 buffer overflow exploit This module exploits a buffer overflow vulnerability in the T38FaxRateManagement parameter when parsing SIP/SDP requests in 1.4.x prior to 1.4.3. After successful exploitation a agent will be installed. The process being exploited is usually run as root. CVE-2007-2293 Exploits/Remote Linux
07.21.2010 Asterisk T.38 buffer Overflow Exploit Update This module exploits a buffer overflow vulnerability in the T38FaxRateManagement parameter when parsing SIP/SDP requests in 1.4.x prior to 1.4.3. This update improves the reliability of the module. CVE-2007-2293 Exploits/Remote Linux
05.14.2009 AstonSoft DeepBurner DBR Compilation Buffer Overflow Exploit AstonSoft DeepBurner is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. NOCVE-9999-37461 Exploits/Client Side Windows
05.15.2012 ASUS Net4Switch ipswcom ActiveX Buffer Overflow Exploit ASUS Net4Switch is prone to an overflow condition related to the ActiveX component ipswcom.dll. The CxDbgPrint()function (cxcmrt.dll) fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted message string passed to the Alert() method, a remote attacker can potentially execute arbitrary code. NOCVE-9999-51474 Exploits/Client Side Windows
06.09.2008 ASUS Remote Console Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ASUS Remote Console. This exploit disables DEP in the supported systems. CVE-2008-1491 Exploits/Remote Windows
06.02.2014 AT and T Connect Participant Application SVT File Exploit AT and T Connect Participant Application is prone to a Buffer-Overflow when handling specially crafted SVT files. CVE-2013-6029 Exploits/Client Side Windows
12.09.2008 AT TFTP Server Long Filename Buffer Overflow Exploit The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. CVE-2006-6184 Exploits/Remote Windows
03.19.2012 AT TFTP Server Long Filename Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. This update ensures that the program receives all data. CVE-2006-6184 Exploits/Remote Windows
06.06.2012 AT TFTP Server Long Filename Buffer Overflow Exploit Update 2 The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. This update ensures that the program receives all data. This update fixes an error on Impact v12.3. CVE-2006-6184 Exploits/Remote Windows
04.16.2012 Atlassian FishEye Struts 2 ExceptionDelegator Remote Code Execution Exploit The ExceptionDelegator component of the XWork framework, part of the Apache Struts 2 web framework, as shipped with Atlassian FishEye, interprets parameters values as OGNL expressions when handling a type conversion error. This can be exploited to execute arbitrary code on the vulnerable server by tricking a logged-in user with administrator privileges within the FishEye site to visit a specially crafted web page. NOCVE-9999-51763 Exploits/Client Side Linux
09.05.2010 Atlassian FishEye Struts 2 ParametersInterceptor Remote Code Execution Exploit The ParametersInterceptor class of XWork framework, part of the Struts 2 web framework, as shipped with Atlassian FishEye, does not properly restrict access to server-side objects. This can be exploited by remote unauthenticated attackers to modify server-side objects and e.g. execute arbitrary commands via specially crafted OGNL (Object-Graph Navigation Language) expressions. CVE-2010-1870 Exploits/Remote Code Execution Windows, Solaris, Linux
08.06.2014 Atlassian JIRA Issue Collector Plugin Path Traversal Vulnerability Exploit A path traversal vulnerability affects the Issue Collector plugin in Atlassian JIRA. This module exploits that vulnerability to achieve remote code execution. The installed agent will have SYSTEM privileges. CVE-2014-2314 Exploits/Remote Windows
10.09.2008 AtomixMP3 M3U Buffer Overflow Exploit AtomixMP3 contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in AtomixMP3 when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. This module runs a malicious web server on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to it. CVE-2006-6287 Exploits/Client Side
08.04.2011 Audio Converter PLS File Buffer Overflow Exploit The vulnerability is caused due to a boundary error in Audio Converter when handling .PLS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PLS file. CVE-2010-2343 Exploits/Client Side Windows
06.26.2013 AudioCoder M3U Buffer Overflow Exploit AudioCoder contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in AudioCoder when handling .m3u files beginning with http://, when the application tries to obtain a stream from an url. This can be exploited to cause a stack-based buffer overflow via a specially crafted .m3u file. NOCVE-9999-58469 Exploits/Client Side Windows
11.22.2009 Autodesk 3D Studio Max Embedded Maxscript Exploit Autodesk 3D Studio Max allows users to bind script to application callbacks. This functionality could be exploited by an attacker by making a victim open a seemingly innocuous .MAX file with malicious script embedded. CVE-2009-3577 Exploits/Client Side Windows
11.22.2009 Autodesk Maya ScriptNode Exploit This module abuses the scripting functionality in Autodesk Maya to trigger remote code execution via a specially crafted file. CVE-2009-3578 Exploits/Client Side Windows, Mac OS X, Linux
11.22.2009 Autodesk Softimage Embedded Script Exploit This module abuses the scripting functionality in Autodesk Softimage to trigger remote code execution via a project with an embedded script. CVE-2009-3576 Exploits/Client Side Linux, Windows
04.08.2014 AV Shell improvement This update is to increase the realiability of AV shell module. Post Exploitation
02.24.2011 Avahi NULL UDP Packet DoS avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty IPv4 or IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-1002 Denial of Service/Remote Linux
09.29.2009 Avast Antivirus ASWMON.SYS Privilege Escalation Exploit This module exploits a vulnerability in Avast Antivirus ASWMON.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2009-3522 Exploits/Local Windows
08.08.2010 Avast Internet Security aswFW.sys Driver IOCTL Handling Local DoS Avast! Internet Security is prone to a local denial-of-service vulnerability. Local attackers can exploit this issue to cause denial-of-service conditions. NOCVE-9999-44673 Denial of Service/Local Windows
11.18.2012 Avaya IP Office Customer Call Reporter ImageUpload Exploit The specific flaw exists because Avaya IP Office Customer Call Reporter allows to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are saved has no scripting restrictions. CVE-2012-3811 Exploits/Remote Windows
06.12.2011 Avaya Windows Portable Device Manager (WinPDM) Buffer Overfow Exploit A boundary error in the Unite Host Router service (UniteHostRouter.exe) when processing certain requests can be exploited to cause a stack-based buffer overflow. NOCVE-9999-48394 Exploits/Remote Windows
01.12.2012 AVID Media Composer Phonetic Indexer Buffer Overflow Exploit Avid Media Composer is prone to a remote stack-based buffer-overflow vulnerability within the Phonetic Indexer (AvidPhoneticIndexer.exe) because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. CVE-2011-5003 Exploits/Remote Windows
01.29.2012 Aviosoft DTV Player PLF File Buffer Overflow This module exploits a buffer overflow in Aviosoft DTV Player which allows attackers to execute arbitrary code via a crafted .plf (aka playlist) file. CVE-2011-4496 Exploits/Client Side Windows

Pages