Core Certified Exploits

We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Subscribe to receive regular updates by email:

 

Browse All Exploits

 

 

Title Description CVE Link Exploit Platform Exploit Type
OrientDB Remote Command Execution Exploit This module exploits a privilege escalation vulnerability in OrientDB by abusing SQL queries on OUser/ORole without the privileges which allows users to get Code Execution. Linux Exploits/OS Command Injection/Known Vulnerabilities
osCommerce Arbitrary File Upload Exploit osCommerce Online Merchant 2.2 RC2a is vulnerable to an Arbitrary File Upload without the need to be authenticated. This leads to arbitrary PHP code execution in the context of the webserver. This module tries to install a RFI agent if the Web Application is vulnerable. It will fail if the webserver is not allowed to write on the document root of the vulnerable web application. Exploits/Remote File Inclusion/Known Vulnerabilities
OtsTurntables OFL Buffer Overflow Exploit OtsTurntables contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in OtsTurntables when handling .OFL files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .OFL file. Windows Exploits/Client Side
Outlook Express NNTP response exploit This exploit relies in a vulnerability that allows attackers to cause Outlook Express to execute arbitrary code via a malformed NNTP response to the LIST command. Windows Exploits/Client Side
PAC-Designer File Processing Buffer Overflow Exploit The vulnerability is caused due to a boundary error when processing the tags within .PAC files. This can be exploited to cause a stack-based buffer overflow via an overly long string. Windows Exploits/Client Side
PAC-Designer File Processing Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error when processing the tags within .PAC files. This can be exploited to cause a stack-based buffer overflow via an overly long string. This update adds CVE number. Windows Exploits/Client Side
PAM Motd Privilege Escalation Exploit PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps.A local attacker could exploit this to gain root privileges. Linux Exploits/Local
PAM Motd Privilege Escalation Exploit Update The PAM MOTD module in Ubuntu does not correctly handle path permissions when creating user file stamps. A local attacker can exploit this to gain root privileges. This update improves the reliability of the exploit. Linux Exploits/Local
Panda Antivirus AgentSvc Local Privilege Escalation Exploit The vulnerable is a Local Privilege Escalation in AgentSvc.exe. This service creates a global section object and a corresponding global event that is signaled whenever a process that writes to the shared memory wants the data to be processed by the service. The vulnerability lies in the weak permissions that are affected to both these objects allowing "Everyone" including unprivileged users to manipulate the shared memory and the event. Windows Exploits/Local
Panda Global Protection AppFlt.sys Privilege Escalation Exploit This module exploits a memory corruption vulnerability in the AppFlt.sys driver of Panda Global Protection when handling a specially crafted IOCTL request. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. Windows Exploits/Local
Panda Internet Security Binary Planting Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Panda Internet Security. Windows Exploits/Local
Panda Internet Security RKPavProc.sys Privilege Escalation Exploit This module exploits a buffer overflow vulnerability in Panda Internet Security RKPavProc.sys driver when handling a specially crafted IOCTL request. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. Windows Exploits/Local
Panda Security for Business Pagent MESSAGE_FROM_REMOTE Path Traversal Exploit The Pagent service component of Panda Security for Business is prone to a path traversal vulnerability when handling MESSAGE_FROM_REMOTE packets. This vulnerability can be exploited by remote unauthenticated attackers to drop arbitrary files in the vulnerable machine in order to gain remote code execution with SYSTEM privileges. Windows Exploits/Remote
PCMan FTP Server USER Command Buffer Overflow Exploit PCMan's FTP Server is prone to a buffer-overflow when handling an overly long USER command. Windows Exploits/Remote
PCMan FTP Server USER Command Buffer Overflow Exploit Update PCMan's FTP Server is prone to a buffer-overflow when handling an overly long USER command. This update improves the exploit reliability. Windows Exploits/Remote
PCManFTPD Server APPE Command Buffer Overflow Exploit2 Server is prone to a stack-based buffer overflow vulnerability when processing long requests. This flaw can be exploited to execute arbitrary code by sending the server a special crafted request. Windows Exploits/Remote
PDFCool Studio Buffer Overflow Exploit PDFCool Studio Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing users to open a specially crafted PDF file. Windows Exploits/Client Side
PDFill PDF Editor mfc70enu DLL Hijacking Exploit PDFill PDF Editor is prone to a vulnerability that may allow the execution of any library file named MFC70ENU.DLL, if this dll is located in the same folder than a .PDF file. Windows Exploits/Client Side
PeaZIP Archived File Name Handling Command Injection Exploit PeaZIP allows user-assisted remote attackers to execute arbitrary commands via a compressed archive with a .TXT file whose name contains | (pipe) characters and a command. Windows Exploits/Client Side
PeerCast HTTP Server Buffer Overflow exploit PeerCast is prone to a remote buffer overflow vulnerability. This can facilitate a remote compromise due to arbitrary code execution. Linux Exploits/Remote
Perdition IMAP proxy str_vwrite format string exploit The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. FreeBSD Exploits/Remote
pfSense system groupmanager Command Execution Exploit This module exploits a post authentication vulnerability in pfSense by abusing the system_groupmanager.php page which allows users to get Code Execution. FreeBSD Exploits/OS Command Injection/Known Vulnerabilities
Phoenix Project Manager wbtrv32 DLL Hijacking Exploit Phoenix Project Manager is prone to a vulnerability that may allow the execution of any library file named wbtrv32.dll, if this dll is located in the same folder as a .PPX file. The attacker must entice a victim into opening a specially crafted .PPX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code. Windows Exploits/Client Side
Photo DVD Maker PDM Buffer Overflow Exploit Photo DVD Maker contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Photo DVD Maker when handling .PDM files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PDM file. Windows Exploits/Client Side
PhotoFiltre Studio Buffer Overflow Exploit PhotoFiltre Studio contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in PhotoFiltre when handling .TIF files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .TIF file. Windows Exploits/Client Side