Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
12.09.2008 AT TFTP Server Long Filename Buffer Overflow Exploit The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. CVE-2006-6184 Exploits/Remote Windows
03.19.2012 AT TFTP Server Long Filename Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. This update ensures that the program receives all data. CVE-2006-6184 Exploits/Remote Windows
06.06.2012 AT TFTP Server Long Filename Buffer Overflow Exploit Update 2 The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. This update ensures that the program receives all data. This update fixes an error on Impact v12.3. CVE-2006-6184 Exploits/Remote Windows
04.16.2012 Atlassian FishEye Struts 2 ExceptionDelegator Remote Code Execution Exploit The ExceptionDelegator component of the XWork framework, part of the Apache Struts 2 web framework, as shipped with Atlassian FishEye, interprets parameters values as OGNL expressions when handling a type conversion error. This can be exploited to execute arbitrary code on the vulnerable server by tricking a logged-in user with administrator privileges within the FishEye site to visit a specially crafted web page. NOCVE-9999-51763 Exploits/Client Side Linux
09.05.2010 Atlassian FishEye Struts 2 ParametersInterceptor Remote Code Execution Exploit The ParametersInterceptor class of XWork framework, part of the Struts 2 web framework, as shipped with Atlassian FishEye, does not properly restrict access to server-side objects. This can be exploited by remote unauthenticated attackers to modify server-side objects and e.g. execute arbitrary commands via specially crafted OGNL (Object-Graph Navigation Language) expressions. CVE-2010-1870 Exploits/Remote Code Execution Windows, Solaris, Linux
08.06.2014 Atlassian JIRA Issue Collector Plugin Path Traversal Vulnerability Exploit A path traversal vulnerability affects the Issue Collector plugin in Atlassian JIRA. This module exploits that vulnerability to achieve remote code execution. The installed agent will have SYSTEM privileges. CVE-2014-2314 Exploits/Remote Windows
10.09.2008 AtomixMP3 M3U Buffer Overflow Exploit AtomixMP3 contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in AtomixMP3 when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. This module runs a malicious web server on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to it. CVE-2006-6287 Exploits/Client Side
08.04.2011 Audio Converter PLS File Buffer Overflow Exploit The vulnerability is caused due to a boundary error in Audio Converter when handling .PLS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PLS file. CVE-2010-2343 Exploits/Client Side Windows
06.26.2013 AudioCoder M3U Buffer Overflow Exploit AudioCoder contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in AudioCoder when handling .m3u files beginning with http://, when the application tries to obtain a stream from an url. This can be exploited to cause a stack-based buffer overflow via a specially crafted .m3u file. NOCVE-9999-58469 Exploits/Client Side Windows
11.22.2009 Autodesk 3D Studio Max Embedded Maxscript Exploit Autodesk 3D Studio Max allows users to bind script to application callbacks. This functionality could be exploited by an attacker by making a victim open a seemingly innocuous .MAX file with malicious script embedded. CVE-2009-3577 Exploits/Client Side Windows
11.22.2009 Autodesk Maya ScriptNode Exploit This module abuses the scripting functionality in Autodesk Maya to trigger remote code execution via a specially crafted file. CVE-2009-3578 Exploits/Client Side Windows, Mac OS X, Linux
11.22.2009 Autodesk Softimage Embedded Script Exploit This module abuses the scripting functionality in Autodesk Softimage to trigger remote code execution via a project with an embedded script. CVE-2009-3576 Exploits/Client Side Linux, Windows
01.28.2015 AV Evasion Improvements v2 This update updates AV evasion for agents generated using the binary wrapper, which is used by Package and Register, Serve Agent in Web Server, and similar executable generating modules. Exploits/Remote
04.08.2014 AV Shell improvement This update is to increase the realiability of AV shell module. Post Exploitation
02.24.2011 Avahi NULL UDP Packet DoS avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty IPv4 or IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-1002 Denial of Service/Remote Linux
09.29.2009 Avast Antivirus ASWMON.SYS Privilege Escalation Exploit This module exploits a vulnerability in Avast Antivirus ASWMON.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2009-3522 Exploits/Local Windows
08.08.2010 Avast Internet Security aswFW.sys Driver IOCTL Handling Local DoS Avast! Internet Security is prone to a local denial-of-service vulnerability. Local attackers can exploit this issue to cause denial-of-service conditions. NOCVE-9999-44673 Denial of Service/Local Windows
11.18.2012 Avaya IP Office Customer Call Reporter ImageUpload Exploit The specific flaw exists because Avaya IP Office Customer Call Reporter allows to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are saved has no scripting restrictions. CVE-2012-3811 Exploits/Remote Windows
06.12.2011 Avaya Windows Portable Device Manager (WinPDM) Buffer Overfow Exploit A boundary error in the Unite Host Router service (UniteHostRouter.exe) when processing certain requests can be exploited to cause a stack-based buffer overflow. NOCVE-9999-48394 Exploits/Remote Windows
05.10.2015 AVG Remote Administration StoreServerConfig Command Remote Code Execution Exploit The AVG Administration Server is vulnerable to arbitrary configuration settings. Due to insufficient input validation, an attacker can use the StoreServerConfig command (command id 0x27) to set the value of the ClientLibraryName parameter to a UNC path. The provided value can be a path to a network share containing a malicious .dll file. This .dll file will be executed in the context of the AVG Administration Server service which runs as SYSTEM. NOCVE-9999-64522 Exploits/Remote Windows
01.12.2012 AVID Media Composer Phonetic Indexer Buffer Overflow Exploit Avid Media Composer is prone to a remote stack-based buffer-overflow vulnerability within the Phonetic Indexer (AvidPhoneticIndexer.exe) because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. CVE-2011-5003 Exploits/Remote Windows
01.29.2012 Aviosoft DTV Player PLF File Buffer Overflow This module exploits a buffer overflow in Aviosoft DTV Player which allows attackers to execute arbitrary code via a crafted .plf (aka playlist) file. CVE-2011-4496 Exploits/Client Side Windows
07.02.2014 AVTECH DVR Camera Administration Login Console Captcha Bypass Exploit The /cgi-bin/nobody/VerifyCode.cgi file in AVTECH DVR cameras allows remote attackers to perform administration login console captcha bypass by using an arbitrary hardcoded captcha and its matching verification code. This module tries to verify if the vulnerability is present in the target device. CVE-2013-4982 Exploits/Remote
08.26.2009 Awingsoft Awakening Remote Command Execution Exploit Awingsoft Awakening (aka Winds3D) Viewer, which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website. CVE-2009-2386 Exploits/Client Side Windows
12.01.2011 AWStats migrate Remote Code Execution Exploit The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. CVE-2006-2237 Exploits/Remote Solaris, Linux, Mac OS X
11.21.2012 AzeoTech DAQFactory NETB Datagram Parsing Buffer Overflow Exploit A Buffer Overflow exist in DAQFactory service who listens on the UDP port 20034 when logs the informations of the incoming NETB packets. CVE-2011-3492 Exploits/Remote Windows
12.17.2008 BadBlue HTTP GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error in ext.dll when processing an overly long PassThru command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2007-6377 Exploits/Remote Windows
06.05.2011 BakBone NetVault SmartDisk Integer Overflow DoS This module hangs the BakBone NetVault SmartDisk Server because it fails to properly handle user-supplied malformed packets. NOCVE-9999-48284 Denial of Service/Remote Windows
08.25.2009 Baofeng Storm OnBeforeVideoDownload Exploit BaoFeng Storm ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input. CVE-2009-1612 Exploits/Client Side Windows
04.05.2011 Barcodewiz BarcodeWiz.dll LoadProperties ActiveX Exploit This module exploits a vulnerability in the BarcodeWiz.dll module included in the Barcodewiz application. The exploit is triggered when the LoadProperties() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2010-2932 Exploits/Client Side Windows

Pages