We are thrilled about the continuous improvements shipped to Core Impact. Today we are recapping the 87 total updates that are being sent to Impact since the release of Core Impact 2017R1. The team has been hard at work to drive new exploits and improvements into Impact all year long so that our customers will continue to get maximum value from our product. 

  • 87 Updates overall
  • 36 Remote exploits
  • 9 Client-Side Exploits
  • 8 Local exploits
  • Enhancements for numerous exploits
  • Updates in the CVE association to our exploits
  • Several general updates
     

Here is a complete list of published modules:

Remote Exploits:

  • Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution Exploit
  • Microsoft Windows LSASS Memory Corruption DoS (MS16-137)
  • Microsoft Windows LSASS Memory Corruption DoS (MS17-004)
  • Joomla com_fields SQL Injection Exploit
  • 3S-Smart Software Solutions GmbH CODESYS Web Server Upload Restricted File and Buffer Overflow Exploit
  • Avtech DVR Camera Authentication Bypass and Command Execution Exploit
  • ConQuest DICOM Server Buffer Overflow Exploit
  • Disk Sorter Enterprise Login Buffer Overflow Exploit
  • DiskBoss Enterprise GET Buffer Overflow Exploit
  • DiskSavvy Enterprise GET Buffer Overflow Exploit
  • Dup Scout Enterprise Login Buffer Overflow Exploit
  • HPE Intelligent Management Center Java RMI Registry Deserialization Vulnerability Remote Code Execution Exploit
  • Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10007 Command Injection Exploit
  • IIS WebDav ScStoragePathFromUrl Remote Code Execution Exploit
  • IIS WebDav ScStoragePathFromUrl Remote Code Execution Exploit Update
  • Jenkins LDAP Java Library Deserialization Vulnerability Remote Code Execution Exploit
  • Joomla UsersModelRegistration Admin Registration Vulnerability Exploit
  • Microsoft Windows ERRATICGOPHER SMB Remote Code Execution
  • Microsoft Windows ERRATICGOPHER SMB Remote Code Execution Update
  • Microsoft Windows SMB Pool Overflow Remote Code Execution (MS17-010)
  • Microsoft Windows SMB Remote Code Execution (MS17-010) Detector
  • Samba Pipe dlopen Remote Code Execution Exploit
  • Sophos Web Appliance MgrReport blocking Vulnerablity Remote Code Execution Exploit
  • Sync Breeze Enterprise GET Buffer Overflow Exploit
  • Trend Micro InterScan Web Security Virtual Appliance doPostMountDevice OS Command Injection Exploit
  • VIPA Controls WinPLC7 Buffer Overflow Exploit
  • Elefant CMS PHP File Upload Remote Code Execution Exploit
  • WebApps Web Crawler and XSS Analyzer Update
  • Boonex Dolphin PHP File Upload Remote Code Execution Exploit
  • Magento eCommerce Web Sites RetrieveImage.php Arbitrary File Upload Exploit
  • Nuxeo Platform CMS Directory Traversal Vulnerability JSP File Upload Exploit
  • Apache Struts 2 Multipart File Upload Remote Code Execution Exploit
  • Apache Struts 2 Multipart File Upload Remote Code Execution Exploit Update
  • PHPMailer Remote Command Execution Exploit
  • PHPMailer Remote Command Execution Exploit Update
  • PHPMailer Remote Command Execution Exploit Update 2

 

Client-Side Exploits:

  • Firefox SVG Animation Remote Code Execution Exploit
  • Ichitaro Office Excel File Heap Overflow Exploit
  • Micro Focus Rumba WdMacCtl ActiveX Exploit
  • Microsoft Office Malformed EPS Use-After-Free File Vulnerability Exploit
  • Microsoft Office Word OLE2Link OLE Object Exploit
  • Microsoft Office Word OLE2Link OLE Object Exploit Update
  • Microsoft Windows OLE Package Manager Code Execution Exploit (MS14-064) Update
  • Mozilla Firefox Use-after-free DOM and Audio Elements Exploit
  • WebEx Extension Remote Command Execution
     

Local Exploits:

  • CyberGhost CG6Service Service SetPeLauncherState Vulnerability Local Privilege Escalation Exploit
  • Linux Kernel AF_PACKET Privilege Escalation Exploit
  • Linux Kernel SO_SNDBUFFORCE Privilege Escalation Exploit
  • Microsoft Windows COM Aggregate Marshaler Type Confusion Exploit
  • Microsoft Windows Win32k Empty PFB File Exploit (MS16-151)
  • Microsoft Windows Win32k Privilege Escalation Exploit (MS16-135) Update
  • Microsoft Windows Win32k Privilege Escalation Exploit (MS16-135) Update 2
  • Sparklabs Viscosity Config Path Privilege Escalation
     

Maintenance:

  • CVE Database Update
  • ClientSide AP update
  • Exploit Framework Fixes
  • Exploits Times Improvements
  • Netghost Network Spoofing Library Improvement Update
  • One Link Client Side Exploits update

 

For more information on Core Impact, visit our product page or request a demo, today!