Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.


Released Date Title Description Vulnerability Category Platform
05.17.2013 Light HTTP Daemon Buffer Overflow Exploit Light HTTPD is prone to a buffer overflow when handling specially crafted GET request packets. NOCVE-9999-57945 Exploits/Remote Windows
05.17.2013 PHPMyAdmin Replace Table Prefix Remote Code Execution Exploit This module abuses a vulnerability in phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 that allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. CVE-2013-3238 Exploits/Remote Linux
05.16.2013 Microsoft Windows Win32k Divide Error Exception DoS (MS13-046) This module exploits a Windows kernel vulnerability by calling the "NtGdiScaleViewportExtEx" function with crafted parameters. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2013-1334 Denial of Service/Local Windows
05.15.2013 Kingsoft Office wpsio Buffer Overflow Exploit In module wpsio, a BSTR string stored in the file is copied to the stack buffer, without checking its length, leading to a stack buffer overflow. CVE-2012-4886 Exploits/Client Side Windows
05.14.2013 EMC AlphaStor Device Manager 0x41 Command Buffer Overflow Exploit A flaw exists within Device Manager (rrobotd.exe), which listens by default on port 3000, when parsing the 0x41 command. CVE-2013-0930 Exploits/Remote Windows
05.13.2013 ERDAS ER Viewer ERM_convert_to_correct_webpath Buffer Overflow Exploit A buffer overflow exists within ERDAS ER Viewer due to a boundary error within the ERM_convert_to_correct_webpath() function in ermapper_u.dll when parsing file paths via a specially crafted ERS file. CVE-2013-0726 Exploits/Client Side Windows
05.09.2013 Schneider Electric Accutech Manager Heap Overflow Exploit This module exploits a heap overflow vulnerability in the Schneider Electric Accutech Manager Server by sending a malformed packet to the 2537/TCP port to execute arbitrary code or crash the server. CVE-2013-0658 Exploits/Remote Windows
05.08.2013 GlobalSCAPE CuteZIP Buffer Overflow Exploit CuteZip is prone to a buffer-overflow when handling a specially crafted ZIP file. NOCVE-9999-57883 Exploits/Client Side Windows
05.07.2013 Microsoft Windows Win32k Font Parsing Vulnerability ClientSide DoS (MS13-036) This module exploits a vulnerability in the Windows kernel (win32k.sys) when a crafted TTF font is opened. CVE-2013-1291 Denial of Service/Client Side Windows
05.05.2013 Microsoft Internet Explorer CGenericElement Object Use-After-Free Exploit Use-after-free occurs when a CGenericElement object is freed, but a reference is kept live on the Document and reused during rendering. CVE-2013-1347 Exploits/Client Side Windows
05.02.2013 BigAnt IM Server DDNF Username Buffer Overflow Exploit BigAnt IM Server is vulnerable to a buffer-overflow within the AntDS.exe component when handling an overly long username. NOCVE-9999-57633 Exploits/Remote Windows
05.02.2013 HP Intelligent Management Center mibFileUpload Servlet Remote Exploit This module exploits a remote code execution vulnerability in HP Intelligent Management Center by using the "mibFileUpload" servlet to upload an arbitrary .JSP file. CVE-2012-5201 Exploits/Remote Windows, Linux
05.01.2013 Firebird SQL CNCT Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in Firebird SQL by sending a malformed packet to the 3050/TCP port. CVE-2013-2492 Exploits/Remote Linux
04.23.2013 PHP Parsing Variant Buffer Overflow Exploit A buffer overflow in the com_print_typeinfo function in PHP running on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types. CVE-2012-2376 Exploits/Tools Windows
04.22.2013 3S CoDeSys Gateway Server Arbitrary File Upload Exploit 3S Codesys Gateway Server is prone to a directory traversal vulnerability that allows arbitrary file creation. CVE-2012-4705 Exploits/Remote Windows
04.19.2013 Microsoft Windows Win32k Font Parsing Vulnerability DoS (MS13-036) This module exploits a vulnerability in the Windows kernel (win32k.sys) when a crafted TTF font is opened. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2013-1291 Denial of Service/Local Windows
04.18.2013 Nagios history Buffer Overflow Exploit This module exploits a remote buffer overflow in Nagios history.cgi by sending a malformed host parameter. CVE-2012-6096 Exploits/Remote Linux
04.18.2013 Oracle Java Dynamic Binding Remote Code Execution Exploit An error in the way that Java implements dynamic binding can be abused to overwrite public final fields. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2013-2423 Exploits/Client Side Windows, Linux, Mac OS X
04.11.2013 Oracle Java CMM cmmColorConvert Memory Corruption Exploit The color management (CMM) functionality in Oracle Java is prone to a memory corruption vulnerability that allows Java code to run outside the sandbox. CVE-2013-1493 Exploits/Client Side Windows
04.09.2013 Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit This module exploits a vulnerability in Mac OS X Samba server. When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow. CVE-2012-1182 Exploits/Remote Mac OS X
04.09.2013 Honeywell HSC Remote Deployer ActiveX Arbitrary HTA Execution Exploit This module exploits a vulnerability found in the Honeywell HSC Remote Deployer ActiveX. This control can be abused by using the LaunchInstaller() function to execute an arbitrary HTA from a remote location. CVE-2013-0108 Exploits/Client Side Windows
03.25.2013 Siemens SIMATIC WinCC SCADA RegReader ActiveX Buffer Overflow Exploit An unspecified error in the RegReader ActiveX control can be exploited to cause a buffer overflow. CVE-2013-0676 Exploits/Client Side Windows
03.20.2013 BigAnt Server DUPF Command Arbitrary File Upload Exploit BigAnt Server is prone to arbitrary file upload and execution through a DUPF command. CVE-2012-6274 Exploits/Remote Windows
03.19.2013 Schneider Electric Interactive Graphical SCADA System Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in Schneider Electric's Interactive Graphical SCADA System (IGSS) that allows remote attackers to execute arbitrary code by sending a specially crafted packet to TCP port 12397. CVE-2013-0657 Exploits/Remote Windows
03.18.2013 ActFax RAW Server Buffer Overflow Exploit A vulnerability exists in the ActFax Server RAW server, which is used to transfer fax messages without protocols. The data fields @F506, @F605, and @F000 are vulnerable. NOCVE-9999-56765 Exploits/Remote Windows
03.17.2013 Microsoft Internet Explorer SLayoutRun Use-After-Free Exploit (MS13-009) Use-after-free vulnerability in Microsoft Internet Explorer where a CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed. CVE-2013-0025 Exploits/Client Side Windows
03.17.2013 Adobe Acrobat Reader acroform api With Sandbox Bypass Exploit This module exploits a vulnerability in the handling of .PDF files by Adobe Reader and Adobe Acrobat Professional. The vulnerability is caused by memory corruption in acroform.api. This can be exploited to cause code execution when a specially crafted .PDF file is opened in Adobe Reader or is opened embedded in a browser. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. This exploit complements CVE-2013-0640, with sandbox escape. All in one module. CVE-2013-0641 Exploits/Client Side Windows
03.13.2013 Microsoft Windows Shell Briefcase Processing Integer Overflow Exploit (MS12-072) An integer overflow occurs in Windows Shell when accessing a crafted briefcase using WebDAV, allowing remote users to execute arbitrary code. CVE-2012-1528 Exploits/Client Side Windows
03.11.2013 KingView KingMess Buffer Overflow Exploit KingView is prone to a buffer-overflow exploit when the KingMess process handles specially crafted KVL files (log files). CVE-2012-4711 Exploits/Client Side Windows
03.06.2013 Oracle Java 7U11 JMX Remote Code Execution Exploit The default Java security properties configuration does not restrict access to certain objects in the com.sun.jmx.mbeanserver packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. CVE-2013-0431 Exploits/Client Side Windows, Mac OS X, Linux