Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
07.02.2014 AVTECH DVR Camera Administration Login Console Captcha Bypass Exploit The /cgi-bin/nobody/VerifyCode.cgi file in AVTECH DVR cameras allows remote attackers to perform administration login console captcha bypass by using an arbitrary hardcoded captcha and its matching verification code. This module tries to verify if the vulnerability is present in the target device. CVE-2013-4982 Exploits/Remote
08.26.2009 Awingsoft Awakening Remote Command Execution Exploit Awingsoft Awakening (aka Winds3D) Viewer, which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website. CVE-2009-2386 Exploits/Client Side Windows
12.01.2011 AWStats migrate Remote Code Execution Exploit The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. CVE-2006-2237 Exploits/Remote Solaris, Linux, Mac OS X
11.21.2012 AzeoTech DAQFactory NETB Datagram Parsing Buffer Overflow Exploit A Buffer Overflow exist in DAQFactory service who listens on the UDP port 20034 when logs the informations of the incoming NETB packets. CVE-2011-3492 Exploits/Remote Windows
12.17.2008 BadBlue HTTP GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error in ext.dll when processing an overly long PassThru command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2007-6377 Exploits/Remote Windows
06.05.2011 BakBone NetVault SmartDisk Integer Overflow DoS This module hangs the BakBone NetVault SmartDisk Server because it fails to properly handle user-supplied malformed packets. NOCVE-9999-48284 Denial of Service/Remote Windows
08.25.2009 Baofeng Storm OnBeforeVideoDownload Exploit BaoFeng Storm ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input. CVE-2009-1612 Exploits/Client Side Windows
04.05.2011 Barcodewiz BarcodeWiz.dll LoadProperties ActiveX Exploit This module exploits a vulnerability in the BarcodeWiz.dll module included in the Barcodewiz application. The exploit is triggered when the LoadProperties() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2010-2932 Exploits/Client Side Windows
04.12.2011 Barcodewiz BarcodeWiz.dll LoadProperties ActiveX Exploit Update This module exploits a vulnerability in the BarcodeWiz.dll module included in the Barcodewiz application. The exploit is triggered when the LoadProperties() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This version fixes a bug in the classname of the onelink feature. CVE-2010-2932 Exploits/Client Side Windows
10.07.2014 Bash Environment Variables Remote Code Execution Exploit for SSH A vulnerability in GNU Bash when processing trailing strings after function definitions in the values of environment variables allows remote attackers to execute arbitrary code via a crafted environment. This vulnerability can be leveraged to bypass restricted SSH access (i.e. when the SSH server forces the execution of a specific command, ignoring any command supplied by the client, either by specifying a 'ForceCommand' directive in the 'sshd_config' file, or by using the 'command' keyword in the 'authorized_keys' file) when the default shell for the user is Bash, allowing the remote attacker to execute arbitrary commands on the vulnerable system. The module included leverages this vulnerability to install an agent. CVE-2014-6271 Exploits/Remote Linux
09.24.2014 Bash Remote Code Execution Exploit This update includes a module exploiting a vulnerability found in Bash. When using the vulnerable Bash version as the interpreter for CGI pages, remote code execution through those pages is possible. CVE-2013-1966 Exploits/Remote Solaris, Linux, Windows
12.03.2012 Basilic diff PHP Code Execution Exploit This module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account. NOCVE-9999-53067 Exploits/Remote Solaris, Linux, Mac OS X
04.29.2009 Belkin BullDog Plus UPS-Service Buffer Overflow Exploit The UPS management software contains a built-in web server which allows for remote management of the UPS. The management interface is protected by a username and password and the authentication is performed via Basic authentication. There is a small stack-based overflow in the base64 decoding routine which handles the Basic authentication data. NOCVE-9999-37026 Exploits/Remote Windows
12.05.2010 Bentley Microstation wintab32 DLL Hijacking Exploit Bentley Microstation is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .HLN file. NOCVE-9999-46101 Exploits/Client Side Windows
09.29.2013 Bifrost Server Buffer Overflow Exploit Bifrost Server is prone to a buffer overflow vulnerability which can be exploited remotely by sending a specially crafted packet to port TCP/81. NOCVE-9999-58713 Exploits/Remote Windows
01.28.2013 BigAnt IM Server AntDS Buffer Overflow Exploit BigAnt IM Server is prone to a buffer-overflow within AntDS.exe component when handling a specially crafted filename header. CVE-2012-6275 Exploits/Remote Windows
05.02.2013 BigAnt IM Server DDNF Username Buffer Overflow Exploit BigAnt IM Server is vulnerable to a buffer-overflow within the AntDS.exe component when handling an overly long username. NOCVE-9999-57633 Exploits/Remote Windows
12.01.2008 BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit This module exploits a vulnerability in the AntServer Module (AntServer.exe), this can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to default port 6080/TCP. CVE-2008-1914 Exploits/Remote Windows
11.08.2009 BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit Update This module exploits a vulnerability in the AntServer Module (AntServer.exe) that can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to default port 6660/TCP. This update adds support for the latest version of the software, which is still vulnerable to the attack. CVE-2008-1914 Exploits/Remote Windows
01.12.2010 BigAnt IM Server USV Request Remote Buffer Overflow Exploit This module exploits a vulnerability in the AntServer Module (AntServer.exe) to cause a stack-based buffer overflow, by sending a specially crafted, overly long "USV" request to the TCP port where the server is listening. NOCVE-9999-41693 Exploits/Remote Windows
03.20.2013 BigAnt Server DUPF Command Arbitrary File Upload Exploit BigAnt Server is prone to an arbitrary file upload and execute through a DUPF command. CVE-2012-6274 Exploits/Remote Windows
11.19.2008 BitTorrent Created By Tag Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the processing of .TORRENT files. This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a .TORRENT file containing an overly long Created By field. CVE-2008-4434 Exploits/Client Side
03.14.2011 Blackmoon FTP Server PORT DoS This module shuts down the Blackmoon FTP Server because it fails to properly handle user-supplied malformed packets. CVE-2011-0507 Denial of Service/Remote Windows
09.16.2008 BlazeDVD PLF Playlist Buffer Overflow Exploit BlazeDVD is prone to a remote memory-corruption vulnerability because the application fails to handle malformed playlist files. CVE-2006-6199 Exploits/Client Side Windows
07.05.2010 BlazeDVD PLF Playlist Buffer Overflow Exploit Update BlazeDVD is prone to a remote memory-corruption vulnerability because the application fails to handle malformed playlist files. This version add support for BlazeDVD 6 and Windows 7. CVE-2006-6199 Exploits/Client Side Windows
03.03.2009 BlazeHDTV PLF Playlist Buffer Overflow Exploit This module exploits a vulnerability caused due to a boundary error in BlazeHDTV when handling Playlist files. This can be exploited to cause a stack-based buffer overflow via a specially crafted PLF file. CVE-2006-6396 Exploits/Client Side Windows
11.04.2009 Blender Embedded Script Exploit This module abuses the scripting functionality in Blender to trigger remote code execution via a blender file with an embedded python script. NOCVE-9999-40006 Exploits/Client Side Windows, Mac OS X, Linux
07.31.2011 Blue Coat Authentication and Authorization Agent Buffer Overflow Exploit Blue Coat BCAAA is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks. This exploit bypasses DEP protection by using ROP techniques. NOCVE-9999-48688 Exploits/Remote Windows
09.14.2008 Blue Coat K9 Web Protection Referer Privilege Escalation Exploit K9 Web Protection's local administration interface is vulnerable to a stack based buffer overflow while processing Referer HTTP headers. Local attackers could abuse this vulnerability to escalate privileges and execute arbitrary code as SYSTEM. CVE-2007-2952 Exploits/Local Windows
02.07.2006 Blue Coat Systems WinProxy Exploit This module exploits a buffer overflow vulnerability in Blue Coat Systems Inc.'s WinProxy. CVE-2005-4085 Exploits/Remote Windows

Pages