CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
02.01.2009 Browse3D SFS Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the parsing of .SFS files, this can be exploited to cause a stack-based buffer overflow via a .SFS file with an overly long file string. NOCVE-9999-35960 Exploits/Client Side Windows
06.01.2009 BS Player BSL Buffer Overflow Exploit BS Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling crafted .BSL files. CVE-2009-1068 Exploits/Client Side Windows
04.27.2011 Bugtracker.net edit_comment Cross Site Scripting Exploit The application fails to sanitize the bug_id parameter in several pages such as edit_comment and edit_bug, leading to a cross site scripting vulnerability. CVE-2010-3266 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
01.12.2009 BulletProof FTP Client Buffer Overflow Exploit BulletProof FTP Client contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in BulletProof FTP Client when handling .BPS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .BPS file. CVE-2008-5754 Exploits/Client Side
09.24.2009 CA Antivirus CAB Header Parsing Buffer Overflow Exploit This module exploits a stack based buffer overflow vulnerability in CA Antivirus when handling a specially crafted CAB file. CVE-2007-2864 Exploits/Client Side Windows
03.09.2011 CA ARCserve D2D Apache Axis2 Default Credentials Remote Code Execution Exploit CA ARCserve D2D installs the Apache Axis2 Web services engine with the default password for the administrator account, which can be abused by a remote attacker to upload an .AAR web service and execute arbitrary code with SYSTEM privileges on the machine where the vulnerable software is installed. CVE-2010-0219 Exploits/Remote Code Execution Windows
12.25.2006 CA BrightStor ARCserve Backup Discovery Service exploit This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup, which can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP data stream to port 41523. CVE-2006-5143 Exploits/Remote Windows
09.02.2008 CA BrightStor ARCserve Backup LGServer Service Exploit This module exploits a buffer overflow vulnerability in the LGServer Service (LGServer.exe) component of CA BrightStor ARCserve Backup for Laptops and Desktops and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/1900. CVE-2008-1328 Exploits/Remote Windows
05.21.2008 CA BrightStor ARCserve Backup ListCtrl Buffer Overflow Exploit This module exploits a vulnerability in the ListCtrl ActiveX Control (ListCtrl.ocx) used CA BrighStor ARCserve Backup. The exploit is triggered when a long string argument is processed by the AddColumn() method resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2008-1472 Exploits/Client Side Windows
02.08.2009 CA BrightStor ARCserve Backup Media Server Exploit Update This module exploits a buffer overflow in the handling of RPC data in the Computer Associates BrightStor ARCServe Backup Media Server service (mediasvr.exe) which is a component of BrightStor ARCserve Backup Tape Engine. This update adds support for Windows 2003 SP1 and SP2, Windows Vista SP1 and Windows XP SP3. CVE-2007-1785 Exploits/Remote Windows
05.03.2007 CA BrightStor ARCserve Backup mediasvr.exe Exploit This module exploits a buffer overflow vulnerability in the CA BrightStor ARCserve Backup mediasvr.exe. The vulnerability is caused by an input validation error in the mediasvr.exe component when it processes specially crafted RPC requests. CVE-2007-1785 Exploits/Remote Windows
09.04.2008 CA BrightStor ARCserve Backup Message Service Exploit CA BrightStor ARCserve Backup is prone to a buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2006-5143 Exploits/Remote Windows
08.21.2005 CA BrightStor ARCserve Backup SQL agent exploit This module exploits a stack-based buffer overflow in CA BrightStor ARCserve Backup for Windows and installs a level0 agent. CVE-2005-1272 Exploits/Remote Windows
01.15.2007 CA BrightStor Tape Engine buffer overflow exploit This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5 CVE-2007-0168 Exploits/Remote Windows
04.17.2008 CA BrightStor Tape Engine Buffer Overflow Exploit update This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5. This package makes a slight change in the documentation of the module. CVE-2007-0168 Exploits/Remote Windows
02.05.2007 CA BrightStor Tape Engine exploit for Windows Vista We are pleased to announce the availability of the first CORE IMPACT exploit for Windows Vista along with initial support for Windows Vista as an exploit target. The first exploit we are releasing is an exploit for a vulnerability in CA BrightStor ARCserve Backup v11.5 (CVE-2007-0169). More exploits for Vista will follow as part of our exploit update service. This update adds support for Windows Vista as a target for the exploit, and includes modifications to the Windows agent and accompanying payloads to run on all previously supported versions of Windows. CVE-2007-0168 Exploits/Remote Windows
02.14.2012 CA iTechnology iGateway Debug Mode Buffer Overflow Exploit The CA iGateway component, contains a buffer overflow vulnerability due to improper bounds checking on HTTP GET requests by the iGateway component when debug mode is enabled. CVE-2005-3190 Exploits/Remote Windows
02.28.2006 CA Message Queuing Buffer Overflow Exploit This is an exploit for CA's Unicenter Message Queuing buffer overflow vulnerability. CVE-2005-2668 Exploits/Remote Windows
05.16.2012 CA Total Defense UNCWS Web Service deleteReportFilter Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection. CVE-2011-1653 Exploits/Remote Windows
05.16.2012 CA Total Defense UNCWS Web Service DeleteReports Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The DeleteReports method makes use of the uncsp_DeleteReports stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. CVE-2011-1653 Exploits/Remote Windows
03.21.2012 CA Total Defense UNCWS Web Service exportReport Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The exportReport method makes use of the uncsp_GenerateReports_Dashboard stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. NOCVE-9999-51517 Exploits/Remote Code Execution Windows
06.07.2011 CA Total Defense UNCWS Web Service getDBConfigSettings Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. A remote unauthenticated attacker can invoke the getDBConfigSettings method, and the Web Service will answer with the server's database credentials. Once that the database credentials are captured, it is possible for a remote attacker to connect to the database and execute arbitrary code under the context of the database administrator. CVE-2011-1655 Exploits/Remote Code Execution Windows
06.15.2011 CA Total Defense UNCWS Web Service UnAssignAdminUsers Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The UnAssignAdminUsers method makes use of the uncsp_UnassignAdminRoles stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. CVE-2011-1653 Exploits/Remote Code Execution Windows
05.16.2010 CA XOsoft Control Service entry_point.aspx Remote Buffer Overflow Exploit This module exploits a remote buffer overflow vulnerability in the entry_point.aspx login page of CA XOsoft Control Service. CVE-2010-1223 Exploits/Remote Windows
01.14.2009 Cain and Abel RDP Stack Overflow Exploit This module exploits a vulnerability caused by a boundary error in the processing of RDP files. This can be exploited to cause a stack-based buffer overflow by tricking a user into decoding a specially crafted RDP file. CVE-2008-5405 Exploits/Client Side
08.10.2011 CakePHP unserialize Remote Code Execution Exploit CakePHP is vulnerable to a file inclusion attack because of its use of the "unserialize()" function on unchecked user input. This makes it possible to inject arbitary objects into the scope. CVE-2010-4335 Exploits/Remote Linux
12.02.2010 Camtasia Studio mfc90enu DLL Hijacking Exploit Camtasia Studio is prone to a vulnerability that may allow the execution of any library file named mfc90enu.dll, if this dll is located in the same folder than a .CMMP file. NOCVE-9999-46013 Exploits/Client Side Windows
06.29.2010 CastRipper PLS Buffer Overflow Exploit CastRipper contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in CastRipper when handling .PLS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PLS file. CVE-2009-1667 Exploits/Client Side Windows
05.22.2014 Catia CATSV5 Backbone Remote Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing CATIA. The vulnerability is caused due to a boundary error when copying a user supplied input to a fixed size stack buffer. The copying procedure stops when a null byte is found and no size check is proceeded. NOCVE-9999-62708 Exploits/Remote Windows
10.14.2009 Cerberus FTP Server Long Command DoS Cerberus FTP Server is prone to a denial-of-service. The vulnerability is caused due to an error in the processing of overly long arguments passed via FTP commands. NOCVE-9999-40396 Denial of Service/Remote Windows

Pages