Core Certified Exploits

We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Subscribe to receive regular updates by email:

 

Browse All Exploits

 

 

Title Description CVE Link Exploit Platform Exploit Type
Acoustica MP3 CD Burner ASX Buffer Overflow Exploit The vulnerability is caused due to a boundary error when processing malformed ASX playlist files. This can be exploited to cause a stack-based buffer overflow tricking a user into opening a specially crafted playlist file containing a ref tag with an overly long href attribute. Exploits/Client Side
Acrobat Reader DC Double-Free Vulnerability Exploit Adobe Reader has a built-in sandbox feature that usually makes exploitation difficult. By combining vulnerabilities, this attack achieves code execution and then bypasses the sandbox protection to fully compromise the targeted system. Windows Exploits/Client Side
ActFax RAW Server Buffer Overflow Exploit A vulnerability in ActFax Server RAW server used to transfer fax messages without protocols. Data fields. @F506,@F605, and @F000 are vulnerable. Windows Exploits/Remote
ActFax Server FTP User Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ActFax Server. The vulnerability is caused due to a boundary error when processing an overly long USER name on the FTP Server. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Windows Exploits/Remote
ActFax Server LPD-LPR Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ActFax Server. The vulnerability is caused due to a boundary error when processing an overly long Print Job command on the Line Printer Daemon Server (LPD-Server) . This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Windows Exploits/Remote
Active Directory LDAP Request Handling DoS (MS08-060) Active Directory, which is an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP) and thus Active Directory objects can be stored and retrieved using the LDAP protocol. Windows Denial of Service/Remote
ActiveFax Server FTP Buffer Overflow Exploit ActiveFax Server's FTP service has a remote buffer overflow vulnerability that can be exploited by an authenticated atacker. Windows Exploits/Remote
ActiveMQ STOMP Protocol Unsafe Deserialization Exploit JMS Object messages within Apache ActiveMQ depend on Java Serialization for marshaling/unmashaling of the message payload. This lead to execution of untrusted code when a specially crafted object is received. This update introduces an exploit that will attempt to connect using the STOMP protocol and abuse the vulnerability to execute a Core Impact agent in the vulnerable system. Linux Exploits/Remote
ActSoft DVD Tools Buffer Overflow Exploit This module exploits a vulnerability in the dvdtools.ocx control included in the ActSoft DVD Tools ActiveX application. The exploit is triggered when the OpenDVD() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. Windows Exploits/Client Side
Acunetix Web Vulnerability Scanner GUI Html Script Injection Exploit Acunetix Web Vulnerability Scanner 10.0 build 20160216 and previous versions, allows remote attackers to execute arbitrary JavaScript code in the context of the scanner GUI. The flaw exists in the way Acunetix WVS render some html elements inside it's GUI, using jscript.dll without any concern about unsafe ActiveX object such as WScript.shell. This module also abuses of a second vulnerability affecting the Acunetix Web Vulnerability Scanner Scheduler to gain SYSTEM privileges. Windows Exploits/Client Side
Adobe Acrobat Pro AFParseDate Javascript API Restrictions Bypass Exploit Certain Javascript APIs in Adobe Acrobat Pro can only be executed in a privileged context. By adding specially crafted Javascript code to a PDF file it's possible to bypass security restrictions and invoke privileged Javascript APIs, allowing for arbitrary code execution. Windows Exploits/Client Side
Adobe Acrobat Pro Multiple Vulnerabilities Exploit A specially crafted argument to makeMeasurement will leave objects in an inconsistent state and can produce a Buffer Overflow. This data can later be retrieved via a call to dumpMeasureData. Finally using NSendApprovalToAuthorEnabled method it is possible to bypass the Javascript API restrictions. Windows Exploits/Client Side
Adobe Acrobat Reader acroform api With Sandbox Bypass Exploit This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to memory corruption method in acroform.api. This can be exploited to cause code execution when a specially crafted .PDF file is opened in Adobe Reader or is opened embedded in a browser. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Windows Exploits/Client Side
Adobe Acrobat Reader acroform.api Exploit This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to memory corruption method in acroform.api. This can be exploited to cause code execution when a specially crafted .PDF file is opened in Adobe Reader or is opened embedded in a browser. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Windows Exploits/Client Side
Adobe Acrobat Reader and Flash Player Code Execution Exploit Adobe Acrobat Reader, and Flash Player are prone to a remote code-execution by supplying a malicious Flash (.SWF) file or by embedding a malicious Flash application in a .PDF file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. Windows Exploits/Client Side
Adobe Acrobat Reader armsvc Service Privilege Escalation Exploit Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5106. Windows Exploits/Local
Adobe Acrobat Reader authplay Exploit This module exploits a vulnerability in Adobe Reader when parsing .PDF files. The vulnerability is caused due to a boundary error in authplay.dll when handling crafted malicious Flash (.SWF) file or by embedding a malicious Flash application in a .PDF file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Windows Exploits/Client Side
Adobe Acrobat Reader x3d Buffer Overflow Exploit An specific flaw exists within the application explicitly trusting a string's length embedded within a particular file that is loaded by both tesselate.x3d and 3difr.x3d plugins. Windows Exploits/Client Side
Adobe Acrobat X Pro updaternotifications DLL Hijacking Exploit Adobe Acrobat X Pro is prone to a vulnerability that may allow the execution of any library file named updaternotifications.dll, if this dll is located in the same folder as a .PDF file. The attacker must entice a victim into opening a specially crafted .PDF file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code. Windows Exploits/Client Side
Adobe ColdFusion APSB13-03 Remote Code Execution Exploit Adobe ColdFusion is vulnerable to a remote authentication-bypass, allowing the attacker to upload an agent and execute it. The agent may have SYSTEM privileges if ColdFusion is installed as a service in Windows. Windows Exploits/Remote
Adobe ColdFusion Java JMX-RMI Remote Code Execution Exploit Adobe ColdFusion is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine. Windows Exploits/Remote
Adobe ColdFusion JNBridge Remote Code Execution Exploit Adobe ColdFusion is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JNBridge protocol. Windows Exploits/Remote
Adobe ColdFusion l10n.cfm Remote Code Execution Exploit The /CFIDE/adminapi/customtags/l10n.cfm page in Adobe ColdFusion does not properly validate its attributes.file parameter. This can be abused by a remote unauthenticated attacker to execute arbitrary code on vulnerable servers. Linux Exploits/Remote
Adobe ColdFusion locale Remote Code Execution Exploit An important vulnerability has been identified in ColdFusion version 8.0, 8.0.1, 9.0, 9.0.1 for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure (CVE-2010-2861). Adobe has provided a solution for this reported vulnerability. It recomends that users update their product. Windows Exploits/Remote
Adobe Device Central CS4 ibfs32 DLL Hijacking Exploit Adobe Device Central CS4 is prone to a vulnerability that may allow execution of ibfs32.dll if this dll is located in the same folder than .ADCP file. Windows Exploits/Client Side