Core Certified Exploits

We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Subscribe to receive regular updates by email:

 

Browse All Exploits

 

 

Title Description Date Added CVE Link Exploit Platform Exploit Type
Citrix Provisioning Services Streamprocess Opcodes Buffer Overflow Exploit This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port. January 24, 2012 Windows Exploits/Remote
TinyIdentD Remote Buffer Overflow Exploit The vulnerability is a buffer overflow in TinyIdentD via a long string to TCP port 113. January 4, 2012 Windows Exploits/Remote
VisiWave Site Survey Report File Processing Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack based buffer overflow via a specially crafted .VWR file. This module bypass DEP using ROP techniques. This update adds CVE information. November 18, 2012 Windows Exploits/Client Side
EMC Replication Manager Client irccd.exe Misconfiguration Exploit The best practice for installations of EMC Replication Manager is to register a Replication Manager Client (irccd.exe) instance with the appropiate Replication Manager Server (ird.exe) as soon as the client software is installed on a host. Registration is performed by Replication Manager administrators from within the Replication Manager Server. October 23, 2012 Windows Exploits/Remote Code Execution
IntegraXor dwmapi DLL Hijacking Exploit IntegraXor is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder as a .IGX file. January 20, 2011 Windows Exploits/Client Side
Adobe Illustrator CS5 dwmapi DLL Hijacking Exploit Adobe Illustrator CS5 is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .AIT file. December 13, 2010 Windows Exploits/Client Side
SiSoftware Sandra dwmapi DLL Hijacking Exploit SiSoftware Sandra is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .SIS file. December 5, 2010 Windows Exploits/Client Side
TechSmith Snagit dwmapi DLL Hijacking Exploit TechSmith Snagit is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .SNAG file. December 1, 2010 Windows Exploits/Client Side
Microchip MPLAB IDE pegrc32b DLL Hijacking Exploit Microchip MPLAB IDE is prone to a vulnerability that may allow execution of pegrc32b.dll if this dll is located in the same folder than .MCP file. November 29, 2010 Windows Exploits/Client Side
Trend Micro Titanium Maximum Security TMTDI.SYS Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Trend Micro Titanium Maximum Security tmtdi.sys driver. The vulnerable driver trusts a dword passed from user mode via IOCTL 0x220404, and interprets it as a function pointer without performing validations. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. November 8, 2010 Windows Exploits/Local
Symantec Workspace Streaming Agent XMLRPC Request putFile Method Remote Code Execution Vulnerability Exploit A vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment. August 12, 2014 Windows Exploits/Remote
FreeBSD X.Org libXfont BDF Privilege Escalation Exploit The bdfReadCharacters() function in the libXfont component of X.Org is prone to a stack-based buffer overflow vulnerability when parsing a specially crafted BDF font file. This vulnerability can be exploited by a local unprivileged attacker to gain root privileges. July 14, 2014 FreeBSD Exploits/Local
BS Player BSL Buffer Overflow Exploit BS Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling crafted .BSL files. June 1, 2009 Windows Exploits/Client Side
VUPlayer CUE Buffer Overflow Exploit VUPlayer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling .CUE files. May 13, 2009 Windows Exploits/Client Side
Maya Studio EO Video Playlist Buffer Overflow Exploit Maya Studio EO-Video is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when handling playlist files. April 7, 2009 Windows Exploits/Client Side
Xoops mydirname Remote Code Execution Exploit Update This update adds support for Solaris platform. November 30, 2011 Solaris Exploits/Remote
InduSoft Web Studio SCADA REVERB1 DLL Hijacking Exploit InduSoft Web Studio SCADA is prone to a vulnerability that may allow execution of module REVERB1 if this dll is located in the same folder than .APP file. November 22, 2011 Windows Exploits/Client Side
Procyon Core Server HMI Scada Coreservice Buffer Overflow Exploit Vulnerability in the coreservice.exe component of Procyon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a buffer on the stack. This causes a buffer overflow and allows it to overwrite a structured exception handling record, allowing for unauthenticated remote code execution. September 28, 2011 Windows Exploits/Remote
Microsoft Windows Media Encoder DLL Hijacking (MS10-094) Windows Media Encoder is prone to a vulnerability that may allow the execution of an attacker supplied file named wmerrorENU.dll, if this dll is located in the same webdav/shared folder as a .PRX file. October 3, 2011 Windows Exploits/Client Side
Symantec Endpoint Protection Kernel Pool Overflow Privilege Escalation Exploit Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. May 10, 2015 Windows Exploits/Local
Adobe Flash Player shared ByteArray Use-After-Free Exploit This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The method ByteArray::clear does not notify the suscriber when frees the memory assigned to a ByteArray object leaving a dangling pointer that can be later dereferenced. This vulnerability allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a website serving a specially crafted SWF Flash file. This vulnerability was found exploited in the wild in February 2015. March 25, 2015 Windows Exploits/Client Side
Control Microsystems ClearSCADA Remote DoS Update This module exploits a vulnerability in the ClearSCADA Server service by sending a malformed packet to the 5481/TCP port to crash the application. This Update increases the MAX TRIES default value because it has not been reliable. May 13, 2015 Windows Denial of Service/Remote
Oracle Java OutOfMemoryError Binary Planting Exploit This module exploits a binary planting vulnerability in Oracle Java JRE. The vulnerability is caused due to the application loading an executable file in an insecure manner when an out of memory condition occurs. This can be exploited to execute arbitrary programs by tricking a user into e.g. opening a HTML file, which loads an applet located on a remote WebDAV or SMB share. September 26, 2011 Windows Exploits/Client Side
Microsoft Windows Meeting Space DLL Hijacking Exploit (MS11-085) Windows Meeting Space is prone to a vulnerability that may allow the execution of any library file named wab32res.dll, if this dll is located in the same folder as a .WCINV file. November 10, 2011 Windows Exploits/Client Side
Microsoft Office Malformed EPS File Vulnerability Exploit (MS15-099) Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability." September 10, 2015 Windows Exploits/Client Side