Core Certified Exploits

Library of expert validated exploits for safe and effective pen tests

Exploit development can be an advanced penetration testing skill that takes time to master. Additionally, when on a job, pen testers often don’t have the resources to create a new exploit. Many resort to searching for and using pre-written exploits that have not been tested and must go through the timely effort of quality assurance testing in order to ensure they are secure and effective.

Core Impact users can save time by finding all the up-to-date exploits they need in one place. We provide a robust library of exploits designed to enable pen testers to safely and efficiently conduct successful penetration tests. Whether written by our own internal team or by a third party like ExCraft, you can trust they have been thoroughly tested and validated by our experts.

The universe of vulnerabilities is huge and not all of them represent the same risk for the customers. Vulnerabilities do not all have the same level of criticality. Some may be easily exploitable by a low-level user, while others may not be exploitable at all. To increase the efficiency of the attacks and the quality of the exploits provided, the Core Impact team has developed selection criteria to prioritize its analysis and implementation. We determine which exploits warrant creation based on the following questions:

  • What are the most critical attacks from the attacker’s perspective?
  • What new vulnerabilities are more likely to be exploited in real attacks?
  • What exploits are the most valuable for Core Impact?

Once an exploit is approved, its priority order considers the following variables: 

  • Vulnerability Properties: CVE, disclosure date, access mechanism and privileges needed. 
  • Target Environment Setup: OS, application prevalence, version and special configurations needed. 
  • Value Provided to Core Impact: Customer request, usage in multiple attacks, allows the installation of an agent, etc. 
  • Technical Cost vs. Benefit: An analysis weighing the resources needed to build an exploit with the internal and external knowledge gained in its creation. 

Each one of these variables has a different weight and provides a ranking of the potential exploits to be developed. Following those criteria, the top of the list would contain, for example, a vulnerability on Windows (most popular OS) that can be exploited remotely, without authentication and that provides super user privileges. 

Correspondingly, a vulnerability on an application that is rarely installed, needs special configurations, and requires User Interaction, would be at the bottom.

Stay Informed of New Core Certified Exploits

Subscribe to receive regular email updates on new exploits available for Core Impact

Browse the Core Certified Exploit Library

We provide pen testers with real-time updates for a wide range of exploits for different platforms, operating systems, and applications. 

Search our continuously growing library to discover an exploit that will allow you to gain and retain access on the target host or application.

Title Description Date Added CVE Link Exploit Platform Exploit Type Product Name
Symantec Endpoint Protection Kernel Pool Overflow Privilege Escalation Exploit Update Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. CVE-2014-3434 Windows Exploits/Local Impact
FortiClient Weak IOCTL mdare Driver Local Privilege Escalation Exploit FortiClient is prone to a privilege-escalation vulnerability that affects mdare64_48.sys, mdare32_48.sys, mdare32_52.sys, mdare64_52.sys and Fortishield.sys drivers. All these drivers expose an API to manage processes and the windows registry, for instance, the IOCTL 0x2220c8 of the mdareXX_XX.sys driver returns a full privileged handle to a given process PID. In particular, this same function is replicated inside Fortishield.sys. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of any selected process. CVE-2015-5737 Windows Exploits/Local Impact
Linux TCP ICMPv6 Router Advertisement Flooding Vulnerability Denial of Service This module exploits a vulnerability in Linux kernel by sending a big number of Router Advertisement messages to the target. CVE-2014-0254 Windows Denial of Service/Remote Impact
Microsoft Office Excel DbOrParamQry Record Parsing Exploit (MS10-017) This module exploits a memory corruption on Microsoft Office Excel XP when parsing a malformed .XLS file with a specially crafted DbOrParamQry record. CVE-2010-0264 Windows Exploits/Client Side Impact
Microsoft Office PowerPoint Memory Corruption Exploit (MS09-017) Update This module exploits a stack overflow on "pp7x32.dll" when it parses an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format. This update adds support to Microsoft Office XP, support to Microsoft Windows 2000 and Microsoft Windows Vista. CVE-2009-1129 Windows Exploits/Client Side Impact
Microsoft Windows SMB Buffer Underflow Exploit (MS08-063) This module exploits a Windows kernel remote vulnerability on the srv.sys driver via a malformed SMB packet. CVE-2008-4038 Windows Exploits/Remote Impact
Novell Client NWSPOOL.DLL Buffer Overflow Exploit Novell Client for Netware is prone to a buffer overflow vulnerability on the nwspool.dll that could permit the execution of arbitrary remote code. The nwspool.dll library does not properly handle long arguments to the Win32 OpenPrinter() functions. CVE-2006-5854 Windows Exploits/Remote Impact
MSRPC SRVSVC NetrpPathCanonicalize (MS06-040) exploit update 2 This module exploits a remotely exploitable vulnerability in Windows' Server Service (MS06-040) over Microsoft DCERPC (ports 139 and 445). This update adds support for windows 2003 sp0. CVE-2006-3439 Windows Exploits/Remote Impact
Microsoft Group Policy Preferences Exploit (MS14-025) The Group Policy implementation in Microsoft Windows does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share. CVE-2014-1812 Windows Exploits/Remote Impact
AV Evasion Improvements_V9 Single stage agent wrappers were modified to be more stealth Exploits / Remote Impact
Oracle Weblogic Server MBeanUtilsInitSingleFileServlet service Vulnerability Remote Code Execution Exploit Update Oracle WebLogic Server is prone to a remote vulnerability that allows unauthenticated attackers to execute system commands.



By exploiting known methods, it is possible to remotely instantiate several java classes that allows to execute system commands.



This update improves code readability and adds a bypass for CVE-2020-14750. 		CVE-2020-14882 Windows, Linux Exploits / Remote Impact
Microsoft Windows DNS Server SIGRed Local Privilege Escalation Exploit Update 2 This update improves the reliability on Windows Server 2008 Enterprise Edition SP2 - x86-64. CVE-2020-1350 Windows Exploits / Local Impact
Comba AC2400 Wi-Fi Access Controller Password Disclosure Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesnt require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext. CVE-2019-15654 Exploits / Client Side IOT
SmartPTT Session Keys Disclosure SmartPTT Information Disclosure Exploits / Remote SCADAPRO
Windows Win32k xxxClientAllocWindowClassExtraBytes Privilege Escalation Exploit Update This vulnerability is caused by xxxClientAllocWindowClassExtraBytes callback in win32kfull!xxxCreateWindowEx. The callback causes the setting of a kernel struct member and its corresponding flag to be out of sync.

This Update adds support for Windows 10 2004 and 20H2 		CVE-2021-1732 Windows Exploits / Local Impact
Zivif Web Cameras Remote Command (reboot) Execution Exploit Exploits the vulnerability published in the CVE-2017-17105 advisory. CVE-2017-17105 Exploits / Remote IOT
Kinetica Admin getLogs Function Remote OS Command Injection Exploit The Kinetica Admin web application did not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. CVE-2020-8429 Linux Exploits / OS Command Injection / Known Vulnerabilities Impact
Windows_IIS_Server_DOS Windows IIS Server Denial of Service Exploits / Denial of Service SCADAPRO
F5 BIG-IP TMUI Remote Code Execution Vulnerability F5 BIG-IP TMUI Remote Code Execution Vulnerability Exploits / Remote Code Execution IOT
Microsoft Windows Print Spooler PrintNightmare Remote Code Execution Exploit The vulnerability has been dubbed PrintNightmare and is tracked as CVE-2021-34527. The flaw is due to the Windows Print Spooler service improperly performing privileged file operations. Microsoft says the flaw can be exploited by an authenticated user calling RpcAddPrinterDriverEx(). When exploited, an attacker gains SYSTEM privileges and can execute arbitrary code, install programs, view, change, or delete data or create new accounts with full user rights.

This update adds the ability to choose an external agent for the smb file share.
 CVE-2021-34527 Windows Exploits / Remote Impact
Lexmark Universal Printer Driver Local Privilege Escalation Exploit The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM. CVE-2021-35449 Windows Exploits / Local Impact
Microsoft Windows Win32k xxxMNOpenHierarchy Vulnerability Exploit v1 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. CVE-2019-1132 Windows Exploits / Local Impact
Unitronics VisiLogic_C File Create Vulnerability This module will receive HTTP requests from vulnerable clients and install agents on them. Exploits / Client Side SCADA
ARD-9808 DVR Card Security Camera Password Disclosure Vulnerability ARD-9808 DVR Card Security Camera Information Disclosure vulnerability Exploits / Client Side IOT
FreeBSD IOCTL CDIOCREADSUBCHANNELSYSSPACE Local Privilege Escalation Exploit A bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges. CVE-2019-5602 FreeBSD Exploits / Local Impact