Core Certified Exploits

We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Browse All Exploits

Title | Description | Date Added | CVE Link | Exploit Platform | Exploit Type
PeerCast HTTP Server Buffer Overflow exploit | PeerCast is prone to a remote buffer overflow vulnerability. This can facilitate a remote compromise due to arbitrary code execution. | April 12, 2009 | | Linux | Exploits/Remote
Promotic SCADA SaveCfg ActiveX Buffer Overflow Exploit | PROMOTIC SCADA suffers from an ActiveX stack overflow. The exploit is triggered when the SaveCfg() method processes a long string argument, resulting in a stack-based buffer overflow. | October 25, 2011 | | Windows | Exploits/Client Side
Oracle AutoVue ActiveX Exploit | Oracle AutoVue ActiveX control can be exploited to create or overwrite arbitrary files in the context of the currently logged-on user. | November 1, 2011 | | Windows | Exploits/Client Side
WinComLPD Remote Administration Buffer Overflow Exploit | A buffer overflow in WinComLPD is triggered by sending an overly long authentication packet to the remote administration service. | October 2, 2011 | | Windows | Exploits/Remote
Mini-Stream Ripper M3U Buffer Overflow Exploit | The vulnerability is caused by a boundary error in Mini-Stream Ripper when handling M3U files with overly long lines. This can be exploited to cause a stack-based buffer overflow via a specially crafted M3U file. | September 26, 2011 | | Windows | Exploits/Client Side
ScadaTEC ScadaPhone ZIP Buffer Overflow Exploit | ScadaTEC ScadaPhone has a buffer overflow when handling a project file bundled in a zip. | September 28, 2011 | | Windows | Exploits/Client Side
Adobe Flash Player AS3 ConvolutionFilter Use-After-Free Exploit | This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The specific flaw exists within the processing of AS3 ConvolutionFilter objects. By manipulating the matrix property of a ConvolutionFilter object, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. This vulnerability was one of the 2015 Pwn2Own challenges. | July 14, 2015 | | Windows | Exploits/Client Side
ISC BIND TKEY assert DoS | This module exploits a vulnerability while handling TKEY queries in the BIND service to cause a DoS. | August 3, 2015 | | Solaris | Denial of Service/Remote
Microsoft Office Publisher pubconv DLL Buffer Overflow Exploit | A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker could exploit the vulnerability by creating a specially crafted Publisher file (.PUB). WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. | October 11, 2011 | | Windows | Exploits/Client Side
iPhone Buffer Overflow Exploit Update | This module updates the platform names and adds the CVE references for the iPhone Exploit. | October 26, 2011 | | none | Exploits/Client Side/Mobile
Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update 2 | This module exploits a vulnerability in the "atmfd.dll" Windows driver by loading a crafted OTF font. This update adds support for Windows Server 2012 R2. | October 14, 2015 | | Windows | Exploits/Local
IBM Tivoli Storage Manager FastBack Server GetJobByUserFriendlyString Exploit | The specific flaw exists within the JOB_S_GetJobByUserFriendlyString function. By sending a crafted packet on TCP port 11460 | August 26, 2015 | | Windows | Exploits/Remote
Microsoft Windows Print Spooler Service Format String Vulnerability DoS (MS12-054) | This module exploits a format string vulnerability in the Microsoft Windows "Print Spooler" service. | December 4, 2012 | | Windows | Denial of Service/Remote
Microsoft Windows SMB Client Pool Corruption Vulnerability DoS (MS10-006) | This module exploits a vulnerability in mrxsmb.sys when it responds to the client with a malformed SMB packet. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. | February 11, 2010 | | Windows | Denial of Service/Client Side
Microsoft Windows NtGdiFastPolyPolyline memory corruption DoS (MS09-006) | This module exploits a kernel memory corruption in the NtGdiFastPolyPolyline function via a malformed EMF file. | April 7, 2009 | | Windows | Denial of Service/Client Side
Windows Animated Cursor Buffer Overflow Exploit Update | A remote code execution vulnerability exists in the way that Windows handles cursor, animated cursor, and icon formats. An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message (MS07-017). This update adds support for default installs of Windows XP from sp0 to sp2, Windows Vista and Windows 2003 from sp0 to sp2. | December 5, 2007 | | Windows | Exploits/Client Side
Windows Shell Hardware Detection exploit | This module exploits a vulnerability in the 'detection and registration of new hardware' function of the Windows Shell; the vulnerability is exposed by a parameter that is not properly validated. The exploit allows a local user to escalate their privileges on a compromised Windows XP or Windows 2003 system. | March 20, 2007 | | Windows | Exploits/Local
IBM Lotus Notes Buffer Overflow Exploit | This module exploits a buffer overflow in the Speed Reader HTML of IBM Lotus Notes via an HTML attachment file with a vulnerable link of about 800 bytes and installs an agent. | May 10, 2006 | | Windows | Exploits/Client Side
Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Exploit | A vulnerability exists in the UploadFileAction servlet. By providing a fileType parameter of "*" to the UploadFileUpload page, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack. | February 22, 2016 | | Windows | Exploits/Remote
ManageEngine EventLog Analyzer Exploit | ManageEngine EventLog Analyzer exposes a SQL query functionality that can be abused by attackers to insert and export a crafted JSP using 'guest' credentials, allowing us to install an agent. | November 4, 2015 | | Windows | Exploits/Remote
WellinTech KingScada kxClientDownload ActiveX Exploit | By properly setting the ProjectURL property, it is possible for an attacker to download an arbitrary DLL file from a remote location and run the code in the DLL in the context of the target process. | May 14, 2014 | | Windows | Exploits/Client Side
Catia CATSV5 Backbone Remote Buffer Overflow Exploit | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing CATIA. The vulnerability is caused by a boundary error when copying user-supplied input to a fixed-size stack buffer. The copying procedure stops when a null byte is found and no size check is performed. | May 22, 2014 | | Windows | Exploits/Remote
Apple QuickTime MIME Type Buffer Overflow Exploit | A buffer overflow in the Apple QuickTime plugin allows remote attackers to execute arbitrary code via a specially crafted MIME type. | December 12, 2012 | | Windows | Exploits/Client Side
Adobe Flash Player Content Processing Exploit | This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .SWF file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. | September 19, 2010 | | Windows | Exploits/Client Side
Novell iPrint Client ActiveX Control Debug Buffer Overflow Exploit | The specific flaw exists within the ienipp.ocx ActiveX control. The control accepts a 'debug' parameter that is expected to be either "yes" or "true". If a string of a specific length is provided instead, a processing loop within the ExecuteRequest method can be made to corrupt a stack-based buffer. | September 23, 2010 | | Windows | Exploits/Client Side