Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
07.31.2011 Blue Coat Authentication and Authorization Agent Buffer Overflow Exploit Blue Coat BCAAA is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks. This exploit bypasses DEP protection by using ROP techniques. NOCVE-9999-48688 Exploits/Remote Windows
09.14.2008 Blue Coat K9 Web Protection Referer Privilege Escalation Exploit K9 Web Protection's local administration interface is vulnerable to a stack based buffer overflow while processing Referer HTTP headers. Local attackers could abuse this vulnerability to escalate privileges and execute arbitrary code as SYSTEM. CVE-2007-2952 Exploits/Local Windows
02.07.2006 Blue Coat Systems WinProxy Exploit This module exploits a buffer overflow vulnerability in Blue Coat Systems Inc.'s WinProxy. CVE-2005-4085 Exploits/Remote Windows
08.11.2009 Bopup Communications Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error and can be exploited to cause a stack-based buffer overflow via a specially crafted TCP packet sent to port 19810. Successful exploitation allows execution of arbitrary code. CVE-2009-2227 Exploits/Remote Windows
08.01.2007 Borland InterBase Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the database service (ibserver.exe) of the Borland InterBase application. The exploit triggers a stack-based buffer overflow by sending a specially crafted "create" request to port 3050/TCP of the vulnerable system and installs an agent if successful. CVE-2007-3566 Exploits/Remote Windows
06.09.2008 Borland InterBase Remote Integer Overflow Exploit This module exploits a buffer overflow vulnerability in the database service (ibserver.exe) of the Borland InterBase 2007 application. The exploit triggers an integer overflow and causes a stack-based buffer overflow by sending a specially crafted packet to port 3050/TCP of the vulnerable system and installs an agent if successful. CVE-2008-2559 Exploits/Remote Windows
06.08.2014 Borland Silk Central TeeChart ActiveX Control AddSeries Untrusted Pointer Exploit The specific flaw exists within the Borland Silk Central TeeChart ActiveX control. The control suffers from an untrusted pointer dereference vulnerability because it blindly calls an attacker-supplied memory address. An attacker can exploit this condition to achieve code execution under the context of the browser process. NOCVE-9999-63948 Exploits/Client Side Windows
02.01.2009 Browse3D SFS Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the parsing of .SFS files, this can be exploited to cause a stack-based buffer overflow via a .SFS file with an overly long file string. NOCVE-9999-35960 Exploits/Client Side Windows
06.01.2009 BS Player BSL Buffer Overflow Exploit BS Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling crafted .BSL files. CVE-2009-1068 Exploits/Client Side Windows
04.27.2011 Bugtracker.net edit_comment Cross Site Scripting Exploit The application fails to sanitize the bug_id parameter in several pages such as edit_comment and edit_bug, leading to a cross site scripting vulnerability. CVE-2010-3266 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
01.12.2009 BulletProof FTP Client Buffer Overflow Exploit BulletProof FTP Client contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in BulletProof FTP Client when handling .BPS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .BPS file. CVE-2008-5754 Exploits/Client Side
09.24.2009 CA Antivirus CAB Header Parsing Buffer Overflow Exploit This module exploits a stack based buffer overflow vulnerability in CA Antivirus when handling a specially crafted CAB file. CVE-2007-2864 Exploits/Client Side Windows
03.09.2011 CA ARCserve D2D Apache Axis2 Default Credentials Remote Code Execution Exploit CA ARCserve D2D installs the Apache Axis2 Web services engine with the default password for the administrator account, which can be abused by a remote attacker to upload an .AAR web service and execute arbitrary code with SYSTEM privileges on the machine where the vulnerable software is installed. CVE-2010-0219 Exploits/Remote Code Execution Windows
12.25.2006 CA BrightStor ARCserve Backup Discovery Service exploit This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup, which can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP data stream to port 41523. CVE-2006-5143 Exploits/Remote Windows
09.02.2008 CA BrightStor ARCserve Backup LGServer Service Exploit This module exploits a buffer overflow vulnerability in the LGServer Service (LGServer.exe) component of CA BrightStor ARCserve Backup for Laptops and Desktops and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/1900. CVE-2008-1328 Exploits/Remote Windows
05.21.2008 CA BrightStor ARCserve Backup ListCtrl Buffer Overflow Exploit This module exploits a vulnerability in the ListCtrl ActiveX Control (ListCtrl.ocx) used CA BrighStor ARCserve Backup. The exploit is triggered when a long string argument is processed by the AddColumn() method resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2008-1472 Exploits/Client Side Windows
02.08.2009 CA BrightStor ARCserve Backup Media Server Exploit Update This module exploits a buffer overflow in the handling of RPC data in the Computer Associates BrightStor ARCServe Backup Media Server service (mediasvr.exe) which is a component of BrightStor ARCserve Backup Tape Engine. This update adds support for Windows 2003 SP1 and SP2, Windows Vista SP1 and Windows XP SP3. CVE-2007-1785 Exploits/Remote Windows
05.03.2007 CA BrightStor ARCserve Backup mediasvr.exe Exploit This module exploits a buffer overflow vulnerability in the CA BrightStor ARCserve Backup mediasvr.exe. The vulnerability is caused by an input validation error in the mediasvr.exe component when it processes specially crafted RPC requests. CVE-2007-1785 Exploits/Remote Windows
09.04.2008 CA BrightStor ARCserve Backup Message Service Exploit CA BrightStor ARCserve Backup is prone to a buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2006-5143 Exploits/Remote Windows
08.21.2005 CA BrightStor ARCserve Backup SQL agent exploit This module exploits a stack-based buffer overflow in CA BrightStor ARCserve Backup for Windows and installs a level0 agent. CVE-2005-1272 Exploits/Remote Windows
01.15.2007 CA BrightStor Tape Engine buffer overflow exploit This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5 CVE-2007-0168 Exploits/Remote Windows
04.17.2008 CA BrightStor Tape Engine Buffer Overflow Exploit update This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5. This package makes a slight change in the documentation of the module. CVE-2007-0168 Exploits/Remote Windows
02.05.2007 CA BrightStor Tape Engine exploit for Windows Vista We are pleased to announce the availability of the first CORE IMPACT exploit for Windows Vista along with initial support for Windows Vista as an exploit target. The first exploit we are releasing is an exploit for a vulnerability in CA BrightStor ARCserve Backup v11.5 (CVE-2007-0169). More exploits for Vista will follow as part of our exploit update service. This update adds support for Windows Vista as a target for the exploit, and includes modifications to the Windows agent and accompanying payloads to run on all previously supported versions of Windows. CVE-2007-0168 Exploits/Remote Windows
02.14.2012 CA iTechnology iGateway Debug Mode Buffer Overflow Exploit The CA iGateway component, contains a buffer overflow vulnerability due to improper bounds checking on HTTP GET requests by the iGateway component when debug mode is enabled. CVE-2005-3190 Exploits/Remote Windows
02.28.2006 CA Message Queuing Buffer Overflow Exploit This is an exploit for CA's Unicenter Message Queuing buffer overflow vulnerability. CVE-2005-2668 Exploits/Remote Windows
05.16.2012 CA Total Defense UNCWS Web Service deleteReportFilter Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection. CVE-2011-1653 Exploits/Remote Windows
05.16.2012 CA Total Defense UNCWS Web Service DeleteReports Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The DeleteReports method makes use of the uncsp_DeleteReports stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. CVE-2011-1653 Exploits/Remote Windows
03.21.2012 CA Total Defense UNCWS Web Service exportReport Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The exportReport method makes use of the uncsp_GenerateReports_Dashboard stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. NOCVE-9999-51517 Exploits/Remote Code Execution Windows
06.07.2011 CA Total Defense UNCWS Web Service getDBConfigSettings Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. A remote unauthenticated attacker can invoke the getDBConfigSettings method, and the Web Service will answer with the server's database credentials. Once that the database credentials are captured, it is possible for a remote attacker to connect to the database and execute arbitrary code under the context of the database administrator. CVE-2011-1655 Exploits/Remote Code Execution Windows
06.15.2011 CA Total Defense UNCWS Web Service UnAssignAdminUsers Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The UnAssignAdminUsers method makes use of the uncsp_UnassignAdminRoles stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. CVE-2011-1653 Exploits/Remote Code Execution Windows

Pages