Library of expert validated exploits for safe and effective pen tests
Exploit development can be an advanced penetration testing skill that takes time to master. Additionally, when on a job, pen testers often don’t have the resources to create a new exploit. Many resort to searching for and using pre-written exploits that have not been tested and must go through the timely effort of quality assurance testing in order to ensure they are secure and effective.
Core Impact users can save time by finding all the up-to-date exploits they need in one place. We provide a robust library of exploits designed to enable pen testers to safely and efficiently conduct successful penetration tests. Whether written by our own internal team or by a third party like ExCraft, you can trust they have been thoroughly tested and validated by our experts.
The universe of vulnerabilities is huge and not all of them represent the same risk for the customers. Vulnerabilities do not all have the same level of criticality. Some may be easily exploitable by a low-level user, while others may not be exploitable at all. To increase the efficiency of the attacks and the quality of the exploits provided, the Core Impact team has developed selection criteria to prioritize its analysis and implementation. We determine which exploits warrant creation based on the following questions:
What are the most critical attacks from the attacker’s perspective?
What new vulnerabilities are more likely to be exploited in real attacks?
What exploits are the most valuable for Core Impact?
Once an exploit is approved, its priority order considers the following variables:
Vulnerability Properties: CVE, disclosure date, access mechanism and privileges needed.
Target Environment Setup: OS, application prevalence, version and special configurations needed.
Value Provided to Core Impact: Customer request, usage in multiple attacks, allows the installation of an agent, etc.
Technical Cost vs. Benefit: An analysis weighing the resources needed to build an exploit with the internal and external knowledge gained in its creation.
Each one of these variables has a different weight and provides a ranking of the potential exploits to be developed. Following those criteria, the top of the list would contain, for example, a vulnerability on Windows (most popular OS) that can be exploited remotely, without authentication and that provides super user privileges.
Correspondingly, a vulnerability on an application that is rarely installed, needs special configurations, and requires User Interaction, would be at the bottom.
Stay Informed of New Core Certified Exploits
Subscribe to receive regular email updates on new exploits available for Core Impact
Browse the Core Certified Exploit Library
We provide pen testers with real-time updates for a wide range of exploits for different platforms, operating systems, and applications.
Search our continuously growing library to discover an exploit that will allow you to gain and retain access on the target host or application.
Title
Description
Date Added
CVE Link
Exploit Platform
Exploit Type
Product Name
7T Interactive Graphical SCADA System ODBC Server Remote Memory Corruption DoS
This module exploits a memory corruption vulnerability in the IGSS ODBC Server by sending a malformed packet to the 20222/TCP port to crash the application.
Windows
Denial of Service/Remote
Impact
Phpmyadmin error BBcode Injection Exploit
In error.php, PhpMyAdmin permits users to insert text and restricted tags (like BBCode). With the tag [a@url@page]Click Me[/a] you can insert your own page, and redirect all users to that page. This can be used to direct users to a page hosting an OS agent.
Linux
Exploits/Client Side
Impact
Panda Global Protection AppFlt.sys Privilege Escalation Exploit
This module exploits a memory corruption vulnerability in the AppFlt.sys driver of Panda Global Protection when handling a specially crafted IOCTL request. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges.
Windows
Exploits/Local
Impact
Media Player Classic iacenc DLL Hijacking Exploit
Media Player Classic is prone to a vulnerability that may allow execution of iacenc.dll if this dll is located in the same folder than .FLV file. The attacker must entice a victim into opening a specially crafted .FLV file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
IBM solidDB does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session.
Moodle phpcoverage_home Cross Site Scripting Exploit
Moodle fails to sanitize the phpcoverage_home parameter in phpcoverage.remote.top.inc.php leading to a Cross-Site Scripting vulnerability.
Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
Impact
Sony Sound Forge Pro MtxParhVegasPreview DLL Hijacking Exploit
Sony Sound Forge Pro is prone to a vulnerability that may allow the execution of any library file named MtxParhVegasPreview.dll, if this dll is located in the same folder as a .SFW file. The attacker must entice a victim into opening a specially crafted .SFW file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Windows
Exploits/Client Side
Impact
TuneUp Utilities wscapi DLL Hijacking Exploit
TuneUp Utilities is prone to a vulnerability that may allow execution of wscapi.dll if this dll is located in the same folder than a .TVS file. The attacker must entice a victim into opening a specially crafted .TVS file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Windows
Exploits/Client Side
Impact
Pixia wintab32 DLL Hijacking Exploit
Pixia is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder as a .PXA file. The attacker must entice a victim into opening a specially crafted .PXA file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Windows
Exploits/Client Side
Impact
SIELCO SISTEMI Winlog Malformed Packet Stack Buffer Overflow Exploit
Stack-based buffer overflow in Sielco Sistemi Winlog when Run TCP/IP server is enabled, allows remote attackers to execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
VideoCharge Studio is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than a .VSC file. The attacker must entice a victim into opening a specially crafted .VSC file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Windows
Exploits/Client Side
Impact
Artlantis Studio mfc90loc DLL Hijacking Exploit
Artlantis Studio is prone to a vulnerability that may allow execution of mfc90loc.dll if this dll is located in the same folder than a .ATL file. The attacker must entice a victim into opening a specially crafted .ATL file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port.
Windows
Exploits/Remote
Impact
Microsoft Windows Active Directory Browser Election Remote DoS
This module exploits a vulnerability in Microsoft Windows Active Directory by sending a specially crafted Browser Election SMB packet that will crash the target machine. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
Windows
Denial of Service/Remote
Impact
AOL Desktop RTX Buffer Overflow Exploit
A buffer overflow in AOL Desktop allows an attacker to execute arbitrary code via crafted .RTX file.
Windows
Exploits/Client Side
Impact
UltraVNC Viewer vnclang DLL Hijacking Exploit
UltraVNC Viewer is prone to a vulnerability that may allow execution of vnclang.dll if this dll is located in the same folder than .VNC file. The attacker must entice a victim into opening a specially crafted .VNC file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Windows
Exploits/Client Side
Impact
Microsoft Windows Hyper-V VMBus Vulnerability DoS (MS10-102)
This module exploits a vulnerability on Microsoft Hyper-V sending a crafted packet from the "guest OS" to the "host OS" through the vmbus mechanism. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
Adobe Acrobat X Pro updaternotifications DLL Hijacking Exploit
Adobe Acrobat X Pro is prone to a vulnerability that may allow the execution of any library file named updaternotifications.dll, if this dll is located in the same folder as a .PDF file. The attacker must entice a victim into opening a specially crafted .PDF file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Windows
Exploits/Client Side
Impact
Windows Live Mail dwmapi DLL Hijacking Exploit
Windows Live Mail is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder as an .EML file.
Windows
Exploits/Client Side
Impact
WinHex hash DLL Hijacking Exploit
WinHex is prone to a vulnerability that may allow the execution of any library file named hash.dll, if this dll is located in the same folder as a .WHX file.
Windows
Exploits/Client Side
Impact
Wireshark PROFINET Dissector Format String Exploit Update
Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. This update adds windows 7 support.
This module exploits a vulnerability in the HyleosChemView.ocx control included in the Hyleos ChemView ActiveX application. The exploit is triggered when the OpenURL() method processes a long string argument resulting in a stack-based buffer overflow.
This module exploits a vulnerability in the WBEMSingleView.ocx control included in the WMI Tools ActiveX application. The exploit is triggered when the OpenURL() method processes a long string argument resulting in a stack-based buffer overflow.