Core Certified Exploits
We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.
Subscribe to receive regular updates by email:
Browse All Exploits
| Title | Description | Date Added | CVE Link | Exploit Platform | Exploit Type |
|---|---|---|---|---|---|
| WinRAR ACE filename Absolute Path Extraction Vulnerability Exploit | Path traversal vulnerability in WinRAR when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. | March 23, 2019 | CVE-2018-20250 | Windows | Exploits / Client Side |
| STOPzilla AntiMalware Arbitrary Write szkg64 Local Privilege Escalation Exploit | The user can write 0 where he wants. This can be used to write SecurityDescriptor and write system processes. Therefore we can elevate privileges. | March 20, 2019 | NOCVE-9999-120035 | Windows | Exploits / Local |
| Linux Kernel eBPF Local Privilege Escalation Exploit | An arbitrary memory r/w access issue was found in the Linux kernel compiled with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The issue could occur due to calculation errors in the eBPF verifier module, triggered by user supplied malicious BPF program. An unprivileged user could use this flaw to escalate their privileges on a system. Setting parameter "kernel.unprivileged_bpf_disabled=1" prevents such privilege escalation by restricting access to bpf(2) call. |
March 16, 2019 | CVE-2017-16995 | Linux | Exploits / Local |
| Microsoft Windows DHCP Server Heap Overflow Vulnerability DoS | A Heap Overflow vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. | March 15, 2019 | CVE-2019-0626 | Windows | Denial of Service / Remote |
| Microsoft Windows Administrator UAC Elevation Bypass Update v1 | This update improves the module to bypass UAC by adding support for Windows 10. | March 8, 2019 | NOCVE-9999-64489 | Windows | Exploits / Local |
| Drupal RESTful Web Services Module Remote PHP Command Injection Exploit | RESTful Web Services Module does not properly sanitize data from non-form sources. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. | March 7, 2019 | CVE-2019-6340 | Linux | Exploits / OS Command Injection / Known Vulnerabilities |
| Cisco Webex Meetings webexservice Update Service ptUpdate Downgrade Local Privilege Escalation Exploit | A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated local attacker, to execute arbitrary commands with SYSTEM user privileges. | February 27, 2019 | CVE-2019-1674 | Windows | Exploits / Local |
| Dokany Google Drive File Stream Kernel Buffer Overflow Privileged Escalation Exploit | Dokan redistributable are vulnerable to a buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. |
February 22, 2019 | CVE-2018-5410 | Windows | Exploits / Local |
| Linux snapd dirty_sock Local Privilege Escalation Exploit Update | This module exploits a vulnerability in snapd which incorrectly validates and parses the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. This update adds support for more platforms. |
February 22, 2019 | CVE-2019-7304 | Linux | Exploits / Local |
| Linux snapd dirty_sock Local Privilege Escalation Exploit | This module exploits a vulnerability in snapd which incorrectly validates and parses the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. |
February 21, 2019 | CVE-2019-7304 | Linux | Exploits / Local |
| Kibana local file inclusion Exploit | Specific versions of Kibana do not validate paths on a specific GET request, this can be exploited in order to execute local javascript files on the target system | February 19, 2019 | CVE-2018-17246 | Linux | Exploits / Local File Inclusion |
| Microsoft Windows DCOM-RPC NTLM Reflection Elevation of Privilege Exploit | This update adds an exploit which implements the Rotten Potato technique to perform a Local Privilege Escalation. It leverages on local DCOM DCE/RPC connections that can be reflected back to a listening TCP socket allowing access to an NTLM authentication challenge for LocalSystem user which can be replayed to the local DCOM activation service. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system. |
February 14, 2019 | CVE-2016-3225 | Windows | Exploits / Local |
| OracleDB TNS Listener Remote Poisoning Vulnerability Detector | Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application. This module tries to verify if the vulnerability is present in the 'TNS Listener' component of the database server, without deploying an agent. |
February 8, 2019 | CVE-2012-1675 | Windows, Linux | Exploits / Remote |
| Advantech WebAccess SCADA BwPAlarm Buffer Overflow Exploit | Advantech WebAccess SCADA lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer overflow and executes remote code. | February 5, 2019 | CVE-2018-18999 | Windows | Exploits / Remote |
| Horner Automation Cscape CSP File Buffer Overflow Exploit | The specific flaw exists within the parsing of CSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. | January 31, 2019 | CVE-2018-19005 | Windows | Exploits / Client Side |
| AV Evasion Improvements_V9 | Single stage agent wrappers were modified to be more stealth | January 30, 2019 | https://cve.mitre.org/cgi-bin/cvename.cgi?name= | Exploits / Remote | |
| TFM MMPlayer Buffer Overflow Exploit | A Buffer Overflow exists when parsing .M3U files. The vulnerability is caused due to a boundary error when handling a crafted .M3U files. | January 24, 2019 | NOCVE-9999-117773 | Windows | Exploits / Client Side |
| Omron CX-One CXP File Buffer Overflow Exploit | The specific flaw exists within the parsing of CXP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. | January 18, 2019 | CVE-2018-18993 | Windows | Exploits / Client Side |
| PCManFTPD Server APPE Command Buffer Overflow Exploit2 | Server is prone to a stack-based buffer overflow vulnerability when processing long requests. This flaw can be exploited to execute arbitrary code by sending the server a special crafted request. | January 16, 2019 | CVE-2018-18861 | Windows | Exploits / Remote |
| VUPlayer Stack Buffer Overflow Exploit | A Buffer Overflow exists when parsing .PLS files. The vulnerability is caused due to a boundary error when handling a crafted .PLS files. | January 10, 2019 | NOCVE-9999-116454 | Windows | Exploits / Client Side |
| Cisco Webex Meetings webexservice Update Service SMB Remote Code Execution Exploit | A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated remote attacker, to execute arbitrary commands with SYSTEM user privileges. | January 3, 2019 | CVE-2018-15442 | Windows | Exploits / Remote |
| GIGABYTE Low Level Access Drivers Privilege Escalation Exploit | This module exploits a vulnerability in various GIGABYTE and AORUS branded utilities. The low level access drivers at the core of these utilities expose dangerous functionality to low privilege processes, a local attacker can read/write arbitrary kernel memory, which can be leveraged to elevate privileges. | December 18, 2018 | CVE-2018-19320 | Windows | Exploits / Local |
| ASUS Low Level Access Drivers Privilege Escalation Exploit | This module exploits a vulnerability in various ASUS and 3rd party branded utilities. The low level access drivers at the core of these utilities expose dangerous functionality to low privilege processes, a local attacker can read/write arbitrary kernel memory, which can be leveraged to elevate privileges. | December 18, 2018 | CVE-2018-18537 | Windows | Exploits / Local |
| Microsoft Windows Win32k xxxMNEndMenuState Local Privilege Escalation Exploit | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. | December 17, 2018 | CVE-2017-0263 | Windows | Exploits / Local |
| CyberLink LabelPrint File Project Processing Buffer Overflow Exploit | Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file. | December 12, 2018 | CVE-2017-14627 | Windows | Exploits / Client Side |