CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
03.14.2011 Blackmoon FTP Server PORT DoS This module shuts down the Blackmoon FTP Server because it fails to properly handle user-supplied malformed packets. CVE-2011-0507 Denial of Service/Remote Windows
09.16.2008 BlazeDVD PLF Playlist Buffer Overflow Exploit BlazeDVD is prone to a remote memory-corruption vulnerability because the application fails to handle malformed playlist files. CVE-2006-6199 Exploits/Client Side Windows
07.05.2010 BlazeDVD PLF Playlist Buffer Overflow Exploit Update BlazeDVD is prone to a remote memory-corruption vulnerability because the application fails to handle malformed playlist files. This version add support for BlazeDVD 6 and Windows 7. CVE-2006-6199 Exploits/Client Side Windows
03.03.2009 BlazeHDTV PLF Playlist Buffer Overflow Exploit This module exploits a vulnerability caused due to a boundary error in BlazeHDTV when handling Playlist files. This can be exploited to cause a stack-based buffer overflow via a specially crafted PLF file. CVE-2006-6396 Exploits/Client Side Windows
11.04.2009 Blender Embedded Script Exploit This module abuses the scripting functionality in Blender to trigger remote code execution via a blender file with an embedded python script. NOCVE-9999-40006 Exploits/Client Side Windows, Mac OS X, Linux
07.31.2011 Blue Coat Authentication and Authorization Agent Buffer Overflow Exploit Blue Coat BCAAA is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks. This exploit bypasses DEP protection by using ROP techniques. NOCVE-9999-48688 Exploits/Remote Windows
09.14.2008 Blue Coat K9 Web Protection Referer Privilege Escalation Exploit K9 Web Protection's local administration interface is vulnerable to a stack based buffer overflow while processing Referer HTTP headers. Local attackers could abuse this vulnerability to escalate privileges and execute arbitrary code as SYSTEM. CVE-2007-2952 Exploits/Local Windows
02.07.2006 Blue Coat Systems WinProxy Exploit This module exploits a buffer overflow vulnerability in Blue Coat Systems Inc.'s WinProxy. CVE-2005-4085 Exploits/Remote Windows
08.11.2009 Bopup Communications Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error and can be exploited to cause a stack-based buffer overflow via a specially crafted TCP packet sent to port 19810. Successful exploitation allows execution of arbitrary code. CVE-2009-2227 Exploits/Remote Windows
08.01.2007 Borland InterBase Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the database service (ibserver.exe) of the Borland InterBase application. The exploit triggers a stack-based buffer overflow by sending a specially crafted "create" request to port 3050/TCP of the vulnerable system and installs an agent if successful. CVE-2007-3566 Exploits/Remote Windows
06.09.2008 Borland InterBase Remote Integer Overflow Exploit This module exploits a buffer overflow vulnerability in the database service (ibserver.exe) of the Borland InterBase 2007 application. The exploit triggers an integer overflow and causes a stack-based buffer overflow by sending a specially crafted packet to port 3050/TCP of the vulnerable system and installs an agent if successful. CVE-2008-2559 Exploits/Remote Windows
02.01.2009 Browse3D SFS Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the parsing of .SFS files, this can be exploited to cause a stack-based buffer overflow via a .SFS file with an overly long file string. NOCVE-9999-35960 Exploits/Client Side Windows
06.01.2009 BS Player BSL Buffer Overflow Exploit BS Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling crafted .BSL files. CVE-2009-1068 Exploits/Client Side Windows
04.27.2011 Bugtracker.net edit_comment Cross Site Scripting Exploit The application fails to sanitize the bug_id parameter in several pages such as edit_comment and edit_bug, leading to a cross site scripting vulnerability. CVE-2010-3266 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
01.12.2009 BulletProof FTP Client Buffer Overflow Exploit BulletProof FTP Client contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in BulletProof FTP Client when handling .BPS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .BPS file. CVE-2008-5754 Exploits/Client Side
09.24.2009 CA Antivirus CAB Header Parsing Buffer Overflow Exploit This module exploits a stack based buffer overflow vulnerability in CA Antivirus when handling a specially crafted CAB file. CVE-2007-2864 Exploits/Client Side Windows
03.09.2011 CA ARCserve D2D Apache Axis2 Default Credentials Remote Code Execution Exploit CA ARCserve D2D installs the Apache Axis2 Web services engine with the default password for the administrator account, which can be abused by a remote attacker to upload an .AAR web service and execute arbitrary code with SYSTEM privileges on the machine where the vulnerable software is installed. CVE-2010-0219 Exploits/Remote Code Execution Windows
12.25.2006 CA BrightStor ARCserve Backup Discovery Service exploit This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup, which can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP data stream to port 41523. CVE-2006-5143 Exploits/Remote Windows
09.02.2008 CA BrightStor ARCserve Backup LGServer Service Exploit This module exploits a buffer overflow vulnerability in the LGServer Service (LGServer.exe) component of CA BrightStor ARCserve Backup for Laptops and Desktops and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/1900. CVE-2008-1328 Exploits/Remote Windows
05.21.2008 CA BrightStor ARCserve Backup ListCtrl Buffer Overflow Exploit This module exploits a vulnerability in the ListCtrl ActiveX Control (ListCtrl.ocx) used CA BrighStor ARCserve Backup. The exploit is triggered when a long string argument is processed by the AddColumn() method resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2008-1472 Exploits/Client Side Windows
02.08.2009 CA BrightStor ARCserve Backup Media Server Exploit Update This module exploits a buffer overflow in the handling of RPC data in the Computer Associates BrightStor ARCServe Backup Media Server service (mediasvr.exe) which is a component of BrightStor ARCserve Backup Tape Engine. This update adds support for Windows 2003 SP1 and SP2, Windows Vista SP1 and Windows XP SP3. CVE-2007-1785 Exploits/Remote Windows
05.03.2007 CA BrightStor ARCserve Backup mediasvr.exe Exploit This module exploits a buffer overflow vulnerability in the CA BrightStor ARCserve Backup mediasvr.exe. The vulnerability is caused by an input validation error in the mediasvr.exe component when it processes specially crafted RPC requests. CVE-2007-1785 Exploits/Remote Windows
09.04.2008 CA BrightStor ARCserve Backup Message Service Exploit CA BrightStor ARCserve Backup is prone to a buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2006-5143 Exploits/Remote Windows
08.21.2005 CA BrightStor ARCserve Backup SQL agent exploit This module exploits a stack-based buffer overflow in CA BrightStor ARCserve Backup for Windows and installs a level0 agent. CVE-2005-1272 Exploits/Remote Windows
01.15.2007 CA BrightStor Tape Engine buffer overflow exploit This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5 CVE-2007-0168 Exploits/Remote Windows
04.17.2008 CA BrightStor Tape Engine Buffer Overflow Exploit update This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5. This package makes a slight change in the documentation of the module. CVE-2007-0168 Exploits/Remote Windows
02.05.2007 CA BrightStor Tape Engine exploit for Windows Vista We are pleased to announce the availability of the first CORE IMPACT exploit for Windows Vista along with initial support for Windows Vista as an exploit target. The first exploit we are releasing is an exploit for a vulnerability in CA BrightStor ARCserve Backup v11.5 (CVE-2007-0169). More exploits for Vista will follow as part of our exploit update service. This update adds support for Windows Vista as a target for the exploit, and includes modifications to the Windows agent and accompanying payloads to run on all previously supported versions of Windows. CVE-2007-0168 Exploits/Remote Windows
02.14.2012 CA iTechnology iGateway Debug Mode Buffer Overflow Exploit The CA iGateway component, contains a buffer overflow vulnerability due to improper bounds checking on HTTP GET requests by the iGateway component when debug mode is enabled. CVE-2005-3190 Exploits/Remote Windows
02.28.2006 CA Message Queuing Buffer Overflow Exploit This is an exploit for CA's Unicenter Message Queuing buffer overflow vulnerability. CVE-2005-2668 Exploits/Remote Windows
05.16.2012 CA Total Defense UNCWS Web Service deleteReportFilter Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection. CVE-2011-1653 Exploits/Remote Windows

Pages