Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
01.02.2007 VERITAS NetBackup BPJava Exploit update NetBackup Java user-interface is affected by a remote format string vulnerability. An attacker can exploit this vulnerability by crafting a malicious request that contains format specifiers. This module exploits this vulnerability and installs an agent. This update adds support for Linux. CVE-2005-2715 Exploits/Remote Windows, Linux
01.17.2010 HP OpenView Storage Data Protector Remote Buffer Overflow Exploit Update This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. This update adds support for HP OpenView Storage Data Protector 6.0 and for Windows XP and Vista. CVE-2009-3844 Exploits/Remote Windows
06.06.2012 MSRPC DCOM Exploit Update 2 This Update adds MS03-026 in XML. CVE-2003-0352 Exploits/Remote Windows
02.05.2008 Apache Mod_rewrite Remote Buffer Overflow Exploit This module exploits an Off-by-one error in the LDAP scheme handling in the Rewrite module (mod_rewrite) in Apache and installs an agent into the target host. CVE-2006-3747 Exploits/Remote
10.18.2009 TFTPServer SP Buffer Overflow Exploit Update This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. This module add the service specification tag. CVE-2008-2161 Exploits/Remote Windows
12.12.2013 TP-Link Camera Unauthenticated Remote Firmware Upgrade Exploit The /cgi-bin/firmwareupgrade file in TP-Link IP cameras allows remote unauthenticated attackers to perform firmware upgrades. This module tries to verify if the vulnerability is present in the target device without actually upgrading its firmware. CVE-2013-2581 Exploits/Remote
02.26.2009 Novell GroupWise Internet Agent Remote Buffer Overflow Exploit This module exploits an off-by-one condition by sending a specially crafted RCPT verb argument to a Novell GroupWise Internet Agent. CVE-2009-0410 Exploits/Remote Windows
08.04.2013 freeSSHd SSH Server Authentication Bypass Remote Code Execution Exploit Update This update modifies the application version displayed in Quick Information CVE-2012-6066 Exploits/Remote Windows
10.24.2011 Samba Username Map Script Command Injection Exploit The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the SamrChangePassword function, when the "username map script" smb.conf option is enabled. CVE-2007-2447 Exploits/Remote Linux
12.01.2008 BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit This module exploits a vulnerability in the AntServer Module (AntServer.exe), this can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to default port 6080/TCP. CVE-2008-1914 Exploits/Remote Windows
03.20.2013 BigAnt Server DUPF Command Arbitrary File Upload Exploit BigAnt Server is prone to an arbitrary file upload and execute through a DUPF command. CVE-2012-6274 Exploits/Remote Windows
05.16.2010 CA XOsoft Control Service entry_point.aspx Remote Buffer Overflow Exploit This module exploits a remote buffer overflow vulnerability in the entry_point.aspx login page of CA XOsoft Control Service. CVE-2010-1223 Exploits/Remote Windows
11.01.2012 HP Data Protector EXEC_CMD Exploit Update This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted EXEC_CMD request. This update fixes an issue when using InjectorEgg. CVE-2011-1866 Exploits/Remote Windows
04.18.2011 7T Interactive Graphical SCADA System IGSSdataServer Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in IGSSdataServer by sending a malformed packet to the 12401/TCP port. CVE-2011-1567 Exploits/Remote Windows
07.30.2014 Yokogawa CS3000 BKFSim vhfd Buffer Overflow Exploit Yokogawa CS3000 is prone to a buffer overflow when handling specially crafted packets through UDP port 20010. CVE-2014-3888 Exploits/Remote Windows
06.21.2012 PHP-CGI Argument Injection Exploit Update This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution. This update adds support for FreeBSD, OpenBSD, RedHat and Windows platforms. CVE-2012-1823 Exploits/Remote Windows, OpenBSD, Linux, FreeBSD
04.14.2008 MSRPC WKSSVC NetpManageIPCConnect Exploit update This module exploits a stack buffer overflow in the Workstation Service. This package addresses a compatibility problem when porting the module from version 7.0 to 7.5 of the framework. CVE-2006-4691 Exploits/Remote Windows
10.22.2009 Microsoft Windows TCPIP Timestamp Remote DoS (MS09-048) This module exploits a memory corruption in the Microsoft Windows TCP/IP implementation by sending a sequence of TCP/IP packets with a specially crafted Timestamp values. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1925 Exploits/Remote Windows
02.05.2014 HP ProCurve Manager SNAC UpdateCertificatesServlet Exploit This module exploits a path traversal vulnerability in HP ProCurve Manager. The specific flaw exists within the UpdateCertificatesServlet. This servlet improperly sanitizes the fileName argument allowing the remote attacker could upload a .jsp file and execute arbitrary code. Authentication is not required to exploit this vulnerability. CVE-2013-4812 Exploits/Remote Windows
02.06.2012 NetTerm NetFTPD USER Buffer Overflow Exploit An internal memory buffer may be overrun while handling long "USER" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the NetTerm NetFTPD.exe process. CVE-2005-1323 Exploits/Remote Windows
03.17.2009 WinGate Proxy Server Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the handling of POST requests. This may allow execution of arbitrary code by sending an overly long, specially crafted POST request to the proxy server CVE-2006-2926 Exploits/Remote Windows
11.18.2010 Mantis Manage_proj_page Remote Code Execution Exploit Update 4 This module exploits a Remote Code Execution vulnerability in Mantis version 1.1.3 when handling the sort parameter in manage_proj_page without the proper validation that leads to a remote code execution on Mantis' Web server. This update adds support for the AIX platform. CVE-2008-4687 Exploits/Remote Solaris, Linux, Windows, AIX, Mac OS X
11.23.2011 General Electric ihDataArchiver Service Remote Buffer Overflow Exploit This module exploits a remote buffer overflow vulnerability in the ihDataArchiver.exe service included in several GE SCADA applications by sending a malformed packet to the 14000/TCP port. CVE-2011-1918 Exploits/Remote Windows
04.21.2009 Easy Chat Server Authentication Request Buffer Overflow Exploit A remote user of vulnerable installations of Easy Chat Server can send a specially crafted password parameter to chat.ghp to trigger a buffer overflow and execute arbitrary code on the target system. NOCVE-9999-36981 Exploits/Remote Windows
05.09.2013 Schneider Electric Accutech Manager Heap Overflow Exploit This module exploits a heap overflow vulnerability in the Schneider Electric Accutech Manager Server by sending a malformed packet to the 2537/TCP port to execute arbitrary code or crash the server. CVE-2013-0658 Exploits/Remote Windows
06.02.2010 IBM Cognos Server Backdoor Account Remote Exploit This module exploits a remote code execution vulnerability in IBM Cognos Express by using an undocumented user account to upload an arbitrary .WAR file. CVE-2010-0557 Exploits/Remote Windows
02.17.2010 HP OpenView NNM Snmp CGI Buffer Overflow Exploit This module exploits a vulnerability in HP OpenView NNM by sending a specially crafted request to the snmp.exe. CVE-2009-3849 Exploits/Remote Windows
08.17.2005 VERITAS Backup Exec Agent exploit This module exploits a stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows allowing remote attackers to execute arbitrary code. CVE-2005-0773 Exploits/Remote Windows
03.07.2012 Motorola Netopia netOctopus SDCS Buffer Overflow Exploit This module exploits a remote buffer overflow in the Motorola Netopia netOctopus SDCS server service. The vulnerability exists within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer. This results in an exploitable stack buffer overflow. CVE-2008-2153 Exploits/Remote Windows
09.15.2013 SNMP OS Detect and Identity Verifier Update V2 This update extends the information gathered to include CVE-1999-0516 and CVE-1999-0517 when present in the target. Exploits/Remote

Pages