Core Certified Exploits

We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Subscribe to receive regular updates by email:

 

Browse All Exploits

 

 

Title Description Date Added CVE Link Exploit Platform Exploit Type
Panda Antivirus AgentSvc Local Privilege Escalation Exploit The vulnerable is a Local Privilege Escalation in AgentSvc.exe. This service creates a global section object and a corresponding global event that is signaled whenever a process that writes to the shared memory wants the data to be processed by the service. The vulnerability lies in the weak permissions that are affected to both these objects allowing "Everyone" including unprivileged users to manipulate the shared memory and the event. May 31, 2019 Windows Exploits / Local
Panda Global Protection AppFlt.sys Privilege Escalation Exploit This module exploits a memory corruption vulnerability in the AppFlt.sys driver of Panda Global Protection when handling a specially crafted IOCTL request. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. February 21, 2011 Windows Exploits/Local
Panda Internet Security Binary Planting Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Panda Internet Security. January 23, 2013 Windows Exploits/Local
Panda Internet Security RKPavProc.sys Privilege Escalation Exploit This module exploits a buffer overflow vulnerability in Panda Internet Security RKPavProc.sys driver when handling a specially crafted IOCTL request. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. July 28, 2010 Windows Exploits/Local
Panda Security for Business Pagent MESSAGE_FROM_REMOTE Path Traversal Exploit The Pagent service component of Panda Security for Business is prone to a path traversal vulnerability when handling MESSAGE_FROM_REMOTE packets. This vulnerability can be exploited by remote unauthenticated attackers to drop arbitrary files in the vulnerable machine in order to gain remote code execution with SYSTEM privileges. February 11, 2014 Windows Exploits/Remote
PCMan FTP Server USER Command Buffer Overflow Exploit PCMan's FTP Server is prone to a buffer-overflow when handling an overly long USER command. July 16, 2013 Windows Exploits/Remote
PCMan FTP Server USER Command Buffer Overflow Exploit Update PCMan's FTP Server is prone to a buffer-overflow when handling an overly long USER command. This update improves the exploit reliability. September 20, 2017 Windows Exploits / Remote
PCManFTPD Server APPE Command Buffer Overflow Exploit2 Server is prone to a stack-based buffer overflow vulnerability when processing long requests. This flaw can be exploited to execute arbitrary code by sending the server a special crafted request. January 16, 2019 Windows Exploits / Remote
PDFCool Studio Buffer Overflow Exploit PDFCool Studio Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing users to open a specially crafted PDF file. December 15, 2013 Windows Exploits/Client Side
PDFill PDF Editor mfc70enu DLL Hijacking Exploit PDFill PDF Editor is prone to a vulnerability that may allow the execution of any library file named MFC70ENU.DLL, if this dll is located in the same folder than a .PDF file. September 26, 2011 Windows Exploits/Client Side
PeaZIP Archived File Name Handling Command Injection Exploit PeaZIP allows user-assisted remote attackers to execute arbitrary commands via a compressed archive with a .TXT file whose name contains | (pipe) characters and a command. August 25, 2009 Windows Exploits/Client Side
PeerCast HTTP Server Buffer Overflow exploit PeerCast is prone to a remote buffer overflow vulnerability. This can facilitate a remote compromise due to arbitrary code execution. April 12, 2009 Linux Exploits/Remote
Perdition IMAP proxy str_vwrite format string exploit The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. December 19, 2007 FreeBSD Exploits/Remote
pfSense system groupmanager Command Execution Exploit This module exploits a post authentication vulnerability in pfSense by abusing the system_groupmanager.php page which allows users to get Code Execution. December 14, 2017 FreeBSD Exploits / OS Command Injection / Known Vulnerabilities
Phoenix Project Manager wbtrv32 DLL Hijacking Exploit Phoenix Project Manager is prone to a vulnerability that may allow the execution of any library file named wbtrv32.dll, if this dll is located in the same folder as a .PPX file. The attacker must entice a victim into opening a specially crafted .PPX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code. March 16, 2011 Windows Exploits/Client Side
Photo DVD Maker PDM Buffer Overflow Exploit Photo DVD Maker contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Photo DVD Maker when handling .PDM files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PDM file. July 28, 2009 Windows Exploits/Client Side
PhotoFiltre Studio Buffer Overflow Exploit PhotoFiltre Studio contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in PhotoFiltre when handling .TIF files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .TIF file. May 30, 2010 Windows Exploits/Client Side
PHP apache_request_headers Function Buffer Overflow Exploit This module exploits a buffer overflow in PHP. The specific flaw is in the apache_request_handlers() function. The apache_request_handlers() function fails to validate the length of certain headers in the HTTP request and blindly copy all the string received in the vulnerable header to the stack causing a buffer overflow. September 30, 2012 Windows Exploits/Remote
PHP Charts Remote Code Execution Exploit This module exploits a vulnerability in PHP Charts 1.0. The url.php script eval()s every single GET key/value pair. Leading to code execution. July 24, 2013 none Exploits/Remote
PHP Hash Table Collisions DoS This module sends HTTP requests with specially crafted data making the PHP interpreter to consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. January 22, 2012 Solaris Denial of Service/Remote
PHP Hash Table Collisions DoS Update This module sends HTTP requests with specially crafted data making the PHP interpreter to consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational. This is update fixes an issue when launching the module from an agent running in a linux system. January 31, 2012 Solaris Denial of Service/Remote
PHP memory_limit exploit This module exploits a vulnerability in the memory_limit function in PHP and installs a level0 agent. July 24, 2005 Linux Exploits/Remote
PHP Parsing Variant Buffer Overflow Exploit A Buffer overflow against the com_print_typeinfo function in PHP running on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types. April 23, 2013 Windows Exploits/Tools
PHP-CGI Argument Injection Exploit This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. May 10, 2012 FreeBSD Exploits/Remote
PHP-CGI Argument Injection Exploit Update This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution. This update adds support for FreeBSD, OpenBSD, RedHat and Windows platforms. June 21, 2012 Windows Exploits/Remote