Core Certified Exploits

Library of expert validated exploits for safe and effective pen tests

Browse the Core Certified Exploit Library  

 

Exploit development can be an advanced penetration testing skill that takes time to master. Additionally, when on a job, pen testers often don’t have the resources to create a new exploit. Many resort to searching for and using pre-written exploits that have not been tested and must go through the timely effort of quality assurance testing in order to ensure they are secure and effective.

Core Impact users can save time by finding all the up-to-date exploits they need in one place. We provide a robust library of exploits designed to enable pen testers to safely and efficiently conduct successful penetration tests. Witten by our own internal team, you can trust they have been thoroughly tested and validated by our experts.

The universe of vulnerabilities is huge and not all of them represent the same risk for the customers. Vulnerabilities do not all have the same level of criticality. Some may be easily exploitable by a low-level user, while others may not be exploitable at all. To increase the efficiency of the attacks and the quality of the exploits provided, the Core Impact team has developed selection criteria to prioritize its analysis and implementation. We determine which exploits warrant creation based on the following questions:

  • What are the most critical attacks from the attacker’s perspective?
  • What new vulnerabilities are more likely to be exploited in real attacks?
  • What exploits are the most valuable for Core Impact?

Once an exploit is approved, its priority order considers the following variables: 

  • Vulnerability Properties: CVE, disclosure date, access mechanism and privileges needed.
  • Target Environment Setup: OS, application prevalence, version and special configurations needed.
  • Value Provided to Core Impact: Customer request, usage in multiple attacks, allows the installation of an agent, etc.
  • Technical Cost vs. Benefit: An analysis weighing the resources needed to build an exploit with the internal and external knowledge gained in its creation. 

Each one of these variables has a different weight and provides a ranking of the potential exploits to be developed. Following those criteria, the top of the list would contain, for example, a vulnerability on Windows (most popular OS) that can be exploited remotely, without authentication and that provides super user privileges. 

Correspondingly, a vulnerability on an application that is rarely installed, needs special configurations, and requires User Interaction, would be at the bottom.

Stay Informed of New Core Certified Exploits

Subscribe to receive regular email updates on new exploits available for Core Impact

Browse the Core Certified Exploit Library

We provide pen testers with real-time updates for a wide range of exploits for different platforms, operating systems, and applications. 

Search our continuously growing library to discover an exploit that will allow you to gain and retain access on the target host or application.

Title Description Date Added CVE Link Exploit Platform Exploit Type Product Name
Beckhoff TwinCAT Local Privilege Escalation Exploit Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. CVE-2018-7502 Windows Exploits / Local / Privilege Escalation Impact
Microsoft Windows Win32k SetImeInfoEx Privilege Escalation Exploit An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. CVE-2018-8120 Windows Exploits / Local / Privilege Escalation Impact
Sophos SafeGuard Enterprise Arbitrary Write SGStDrvm Local Privilege Escalation Exploit Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTL. CVE-2018-6854 Windows Exploits / Local / Privilege Escalation Impact
Hewlett Packard Enterprise Intelligent Management Center tftpserver getFileData Exploit Delta Industrial Automation COMMGR is prone to a buffer-overflow vulnerability when handling a crafted packet. CVE-2018-10594 Windows Exploits / Remote Impact
Tp-link EAP Controller Exploit Tp-link EAP Controller does not handle privilege management correctly so a non privileged user can execute privileged actions. This module will try to change the device's settings and enable ssh in order to take control of the managed Access Points. CVE-2018-10168 Windows, Linux Exploits / Authentication Weakness / Known Vulnerabilities Impact
Oracle WebLogic Server RMI Registry UnicastRef Object Java Deserialization Remote Code Execution Exploit Oracle WebLogic Server is prone to a remote vulnerability that allows attackers to take advantage of a Java deserialization vulnerability. By exploiting known methods, it is possible to remotely connect to the RMI Registry to load a UnicastRef Object, wich allows the execution of system commands. CVE-2017-3248 Windows, Linux Exploits / Remote Impact
Eaton 9000XDrive TLF File Buffer Overflow Exploit Eaton 9000XDrive is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .TLF file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it. CVE-2018-8847 Windows Exploits / Client Side Impact
Wecon LeviStudioU Screenhelper BgOnOffBitAddr Buffer Overflow Exploit A stack-based buffer overflow in WECON LeviStudioU Editor allows an attacker to execute arbitrary code via crafted .UMP file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it. CVE-2018-10602 Windows Exploits / Client Side Impact
Wecon LeviStudioU Usermanage GroupList Description Buffer Overflow Exploit A stack-based buffer overflow in WECON LeviStudioU Editor allows an attacker to execute arbitrary code via crafted .XML file imported from Usermanage process. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it. CVE-2018-10602 Windows Exploits / Client Side Impact
Oracle VirtualBox crUnpackTexGendv Buffer Overflow DoS The code that implements 3D acceleration for OpenGL graphics in Oracle VirtualBox is prone to multiple memory corruption vulnerabilities. An attacker within a Windows Guest OS can escape from the virtual machine and make a DoS in the VirtualBox process in the Host OS. CVE-2018-2688 Windows, Linux Denial of Service / Local Impact
Sophos SafeGuard Enterprise Arbitrary Write Value IOCTL 802022E0 Local Privilege Escalation Exploit This vulnerability allows local attackers to escalate privileges on vulnerable installations of Sophos SafeGuard Enterprise. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of crafted IOCTL by the lcencvm.sys kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an arbitrary write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. CVE-2018-6857 Windows Exploits / Local / Privilege Escalation Impact
CMS Made Simple moduleinterface.php Remote PHP File Upload Vulnerability Exploit CMS Made Simple is vulnerable to an authenticated php remote file inclusion, allowing attackers to execute arbitrary php code in the system. CVE-2018-1000094 Linux, Windows Exploits / Remote File Inclusion / Known Vulnerabilities Impact
Tomabo MP4 Player Stack Overflow Exploit The vulnerability is caused due to a boundary error when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted file of said extension. Windows Exploits / Client Side Impact
Microsoft Internet Explorer VBScript UAF Exploit This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting an invalid pointer reference in Internet Explorer. CVE-2018-8174 Windows Exploits / Client Side Impact
AMD PlaysTV Service Privilege Escalation Exploit This exploit executes code at a user-defined (local) path as SYSTEM, when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user CVE-2018-6546 Windows Exploits / Local / Privilege Escalation Impact
NoMachine Nxfuse Uninitialised Stack Variable Privilege Escalation Exploit This module exploits an uninitialised stack variable vulnerability in "nxfs.sys" by calling to DeviceIoControl function using IOCTL 0x00222014 and 0x00222030 with crafted parameters. CVE-2018-6947 Windows Exploits / Local / Privilege Escalation Impact
Cisco UCS Manager ping OS Command Injection Exploit This module uses a OS Command Injection vulnerability present in Cisco UCS Manager ping function to gain arbitrary code execution on the affected system. CVE-2017-12243 Linux Exploits / OS Command Injection / Known Vulnerabilities Impact
QNAP Qcenter Virtual Appliance Remote OS Command Injection Exploit This module uses a Privilege escalation vulnerability in QNAP Qcenter Virtual Appliance and an OS Command Injection vulnerability to gain arbitrary code execution on the affected system. CVE-2018-0707, CVE-2018-0706 Linux Exploits / OS Command Injection / Known Vulnerabilities Impact
Acrobat Reader DC Double-Free Vulnerability Exploit This module exploits a double free when parsing a specially crafted .PDF file. CVE-2018-4990 Windows Exploits / Client Side Impact
Apache CouchDB Remote OS Command Injection Exploit This module uses an Authentication Bypass vulnerability in Apache CouchDB and an OS Command Injection vulnerability to gain arbitrary code execution on the affected system. CVE-2017-12636, CVE-2017-12635 Linux Exploits / Authentication Weakness / Known Vulnerabilities Impact
Zip-n-Go_Buffer_Overflow_Exploit This module exploits a buffer overflow when parsing a specially crafted .ZIP file. CVE-2018-16302 Windows Exploits / Client Side Impact
OMRON CX-One CX-FLnet Cdmapi32 Buffer Overflow Exploit The specific flaw exists within the processing of FLN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. CVE-2018-8834 Windows Exploits / Client Side Impact
OMRON CX-One CX-Programmer Buffer Overflow Exploit This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it. CVE-2018-7514 Windows Exploits / Client Side Impact
Advantech WebAccess webvrpcs viewdll1 VdBroadWinGetLocalDataLogEx Buffer Overflow Exploit The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem in VdBroadWinGetLocalDataLogEx. When parsing the NamedObject structure, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. CVE-2018-8845 Windows Exploits / Remote Impact
Delta Industrial Automation COMMGR Buffer Overflow Exploit Delta Industrial Automation COMMGR is prone to a buffer-overflow vulnerability when handling a crafted packet. CVE-2018-10594 Windows Exploits / Remote Impact
Download JSON