Core Certified Exploits

We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Subscribe to receive regular updates by email:

 

Browse All Exploits

 

 

Title Description Date Added CVE Link Exploit Platform Exploit Type
Microsoft Internet Explorer VBScript UAF Exploit A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. June 22, 2018 Windows Exploits / Client Side
MS17-010 support update 2 Eternalromance targets were added to this module (Win 2000 to Win 2016) June 21, 2018 Windows Exploits / Remote
Delta Industrial Automation WPLSoft File Parsing Buffer Overflow Exploit Update The specific flaw exists within the processing of DVP files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This update adds CVE number and corrects some xml tags. June 13, 2018 Windows Exploits / Client Side
Dup Scout Enterprise Import Command Local Buffer Overflow Exploit A Buffer Overflow exists when parsing .XML files by Command Import. The vulnerability is caused due to a boundary error when handling a crafted .XML files. June 12, 2018 Windows Exploits / Client Side
Advantech WebAccess webvrpcs viewdll1 VdBroadWinGetLocalDataLogEx Buffer Overflow Exploit The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem in VdBroadWinGetLocalDataLogEx. When parsing the NamedObject structure, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. June 7, 2018 Windows Exploits / Remote
PhpCollab editclient.php PHP File Upload Remote Code Execution Exploit PhpCollab is vulnerable to an unauthenticated php remote file inclusion, allowing attackers to execute arbitrary php code in the system. June 6, 2018 Windows, Linux Exploits / Remote File Inclusion / Known Vulnerabilities
Advantech WebAccess Webvrpcs ViewDll1 Buffer Overflow Exploit The specific flaw exists within implementation of the 0x138bd IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. June 4, 2018 Windows Exploits / Remote
Microsoft Windows Win32k SetImeinfoEx Privilege Escalation Exploit An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.



To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
May 31, 2018 Windows Exploits / Local
DVD X Player Standard Buffer Overflow Exploit A Buffer Overflow exists in DVD X Player Standard when parsing .plf files. The vulnerability is caused due to a boundary error when handling a crafted .plf files. May 31, 2018 Windows Exploits / Client Side
DiskBoss Enterprise Buffer Overflow Exploit DiskBoss is prone to a buffer-overflow when handling specially crafted packets. No authentication is required. May 23, 2018 Windows Exploits / Remote
Speculative Store Bypass Checker (CVE-2018-3639) Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. May 23, 2018 Linux Exploits / Tools
Dell EMC Data Protection Advisor Remote OS Command Injection Exploit Dell EMC Data Protection Advisor contains an Authentication Bypass vulnerability and a OS Command Injection vulnerability, which allows attackers to gain arbitrary code execution on the affected system. May 21, 2018 Windows Exploits / Authentication Weakness / Known Vulnerabilities
Tp-link EAP Controller Exploit Tp-link EAP Controller does not handle privilege management correctly so a non privileged user can execute privileged actions. This module will try to change the device's settings and enable ssh in order to take control of the managed Access Points. May 18, 2018 Windows, Linux Exploits / Authentication Weakness / Known Vulnerabilities
Rockwell Automation RSLogix Micro Starter Lite Project File Exploit The specific flaw exists within the parsing of a RSS file. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. May 16, 2018 Windows Exploits / Client Side
Easy File Sharing Web Server POST Request Buffer Overflow Exploit Easy File Sharing Web Server is prone to a buffer-overflow when handling a specially crafted POST request. May 11, 2018 Windows Exploits / Remote
OMRON CX-One CX-Programmer Buffer Overflow Exploit The specific flaw exists within the processing of CXP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. May 4, 2018 Windows Exploits / Client Side
OMRON CX-One CX-FLnet Cdmapi32 Buffer Overflow Exploit The specific flaw exists within the processing of FLN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. May 4, 2018 Windows Exploits / Client Side
DiskBoss Enterprise Remote Buffer Overflow Exploit DiskBoss Enterprise server is prone to a remote buffer-overflow vulnerability. April 26, 2018 Windows Exploits / Remote
Disk Pulse Enterprise GET Buffer Overflow Exploit Disk Pulse server is prone to a buffer-overflow vulnerability when handling a crafted POST request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM priviledges. April 24, 2018 Windows Exploits / Remote
Disk Savvy Enterprise Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the web interface of DiskSavvy Enterprise caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. April 19, 2018 Windows Exploits / Remote
Drupal Form API Ajax Requests Remote OS Command Injection Exploit Drupal is prone to an OS command injection vulnerability that allows attackers to take advantage of an improper validation of user-supplied data in the Form API Ajax Requests. April 19, 2018 Linux Exploits / OS Command Injection / Known Vulnerabilities
VX Search Command Name Buffer Overflow Exploit VX Search Enterprise is prone to a buffer-overflow vulnerability when handling a crafted request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges. April 12, 2018 Windows Exploits / Remote
ALLPlayer M3U Buffer Overflow Exploit A UNICODE Buffer Overflow exists in AllPlayer 7.5 when parsing .m3u files. The vulnerability is caused due to a boundary error when handling a crafted .m3u files. April 4, 2018 Windows Exploits / Client Side
HPE Operations Orchestration Central Java Deserialization Vulnerability Remote Code Execution Exploit A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. March 27, 2018 Windows Exploits / OS Command Injection / Known Vulnerabilities
Omron CX-Supervisor Project File Exploit Omron CX-Supervisor is prone to a buffer overflow when handling specially crafted project files. March 23, 2018 Windows Exploits / Client Side