We are pleased to announce the availability of CORE Impact v2013 R2.1 for our customers. This update builds upon last month's powerful 2013 R2 release and adds more than 40 new updates to the product. All customers can update to the new version from 2013 R2 by simply performing a "Get Updates" from within their copy of CORE Impact.  

So, what’s new in R2.1?

  • Increased attack set for the recently added camera vector by adding 2 new Foscam and 2 TP-Link exploits
  • IMPACT <-> INSIGHT connector was updated to support v2013 R2
  • Updated dictionaries used by the identity verifiers, as well as the SMB and SNMP verifiers
  • Added support for recently released Metasploit v4.7 Plus 30+ new/updated exploits for targets such as Internet Explorer, Oracle, nginx and Firefox:



  • Oracle WebLogic Server Apache Connector Exploit Update 
  • Nginx HTTP Server Chuncked Encoding Buffer Overflow Exploit 
  • Adobe ColdFusion APSB13-03 Remote Code Execution Exploit
  • FreeFTPd PASS Command Buffer Overflow Exploit
  • freeSSHd SSH Server Authentication Bypass Remote Code Execution Exploit Update V2
  • Bifrost Server Buffer Overflow Exploit
  • Exim With Dovecot LDA Remote Code Execution Exploit
  • Openftpd Server Buffer Overflow Exploit Update
  • Foscam Path Traversal Exploit
  • Foscam Camera tmpfs File Disclosure Exploit
  • TP-Link Camera uploadfile Unauthenticated File Upload Exploit
  • TP-Link Camera servetest Command Injection Exploit
  • PineApp Mail-SeCure ldapsynchnow.php Remote Code Execution Exploit
  • Apache Struts 2 DefaultActionMapper redirect Remote Code Execution Exploit Update
  • TinyWebGallery Remote Code Execution Exploit Update
  • MS SMB 2.0 Negociate Protocol Request Remote Exploit Update 3



  • Microsoft Office Access Database Processing Pointers Exploit (MS13-074)
  • Microsoft Internet Explorer SetMouseCapture Use-After-Free Exploit
  • Microsoft Windows Theme File Handling Exploit (MS13-071)
  • Firefox XMLSerializer Use After Free Exploit
  • Oracle Java BytePackedRaster Exploit
  • Oracle Java IntegerInterleavedRaster Signed Integer Overflow
  • Oracle Java storeImageArray Invalid Array Indexing Exploit
  • Music Animation Machine MIDI SEH Buffer Overflow Exploit



  • Microsoft Windows Class Name String Atom Privilege Escalation Exploit (MS12-041)
  • Microsoft Windows Telephony Service exploit Update
  • Microsoft Windows Win32k NULL Page Vulnerability Exploit (MS13-081)
  • CSRSS facename exploit Update 2



  • Microsoft Windows Print Spooler Service Format String Vulnerability DoS (MS12-054) Update V3
  • Microsoft Windows Win32k Divided Error Exception DoS (MS13-046) Update