Core Certified Exploits

We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Subscribe to receive regular updates by email:

 

Browse All Exploits

 

 

Title Description CVE Link Exploit Platform Exploit Type
Exim perl_startup Configuration Variable Local Privilege Escalation Exploit Exim installations compiled with Perl support do not perform sanitation of the environment before loading a perl script defined with perl_startup setting in exim config file. This can be exploited by malicious local attackers to gain root privileges. Linux Exploits/Local
Exim Ghost Buffer Overflow Exploit This update includes a module that remotely exploits CVE-2015-0235 (a.k.a. GHOST, a heap-based buffer overflow in the GNU C Library's gethostbyname functions) on x86 and x86_64 GNU/Linux systems that run the Exim mail server. Linux Exploits/Remote
Exchange X-LINK2STATE CHUNK Exploit This module exploits a heap based buffer overflow handling the X-LINK2STATE command in the SMTP service of Exchange Server. Windows Exploits/Remote
Exchange CDO Calendar Preenum Exploit Update This module exploits a stack based buffer overflow handling the mail headers in the OWA (Outlook Web Access) service when processing meeting requests of Exchange Server clients (MS06-019). This update excludes this exploit from rpt. Windows Exploits/Remote
Exchange CDO Calendar PreEnum exploit This module exploits a stack based buffer overflow handling the mail headers in the OWA (Outlook Web Access) service when processing meeting requests of Exchange Server clients (MS06-019). Windows Exploits/Remote
Evological EvoCam Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the included web server when processing HTTP requests. This can be exploited to cause a stack-based buffer overflow via an overly long GET request. Mac OS X Exploits/Remote
Evinco CamShot GET Request Buffer Overflow Exploit This module exploits a vulnerability in the CamShot Module (camshot.exe) that can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to TCP port where the server is listening. Windows Exploits/Remote
EViews Enterprise Edition dwmapi DLL Hijacking Exploit EViews Enterprise Edition is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .PRG file. Windows Exploits/Client Side
Eureka Mail Client Error Response Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error in the processing of POP3 responses. This can be exploited to cause a stack-based buffer overflow via an overly long error response. This version fix XML and version number, add Windows 7, Windows Vista and Windows 2000 suport, and fix len of the public IP problem. Windows Exploits/Client Side
Eureka Mail Client Error Response Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the processing of POP3 responses. This can be exploited to cause a stack-based buffer overflow via an overly long error response. Windows Exploits/Client Side
Euphonics Audio Player PLS Buffer Overflow Exploit Euphonics Audio Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling .PLS files. Windows Exploits/Client Side
Eudora Qualcomm WorldMail IMAPd Service UID Buffer Overflow Exploit Eudora Qualcomm WorldMail IMAPd Service is prone to a buffer overflow SEH gets overwritten when using UID command. Windows Exploits/Remote
ESTsoft ALZip MIM File Buffer Overflow Exploit ALZip is vulnerable to a stack buffer overflow in libETC.dll due to improper parsing of the filename or name parameter within MIM file headers if an overly long filename is provided. Windows Exploits/Client Side
eSignal QUO File Buffer Overflow Exploit eSignal is prone to a buffer overflow when parsing malformed QUO files. Windows Exploits/Client Side
ESET Smart Security EPFW.SYS Privilege Escalation Exploit This module exploits a vulnerability in ESET Smart Security EPWF.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. Windows Exploits/Local
Ericom AccessNow Server Buffer Overflow Exploit AccessNowServer32.exe is prone to a buffer overflow when handling a malformed HTTP request. Windows Exploits/Remote
ERDAS ER Viewer rf_report_error Buffer Overflow Exploit A buffer overflow within the "rf_report_error()" function (ermapper_u.dll) when parsing ERS files exist in ERDAS ER VIEWER. Windows Exploits/Client Side
ERDAS ER Viewer ERM_convert_to_correct_webpath Buffer Overflow Exploit A Buffer Overflow exists within ERDAS ER Viewer due to a boundary error within the ERM_convert_to_correct_webpath() function in (ermapper_u.dll) when parsing file paths via a specially crafted ERS file. Windows Exploits/Client Side
Enterasys NetSight nssyslogd PRI Buffer Overflow Exploit A vulnerability exists within the nssyslogd.exe component, when parsing a syslog message. The process does not properly validate the size of the destination buffer and copies user supplied data into a fixed-length buffer on the stack. Windows Exploits/Remote
EnjoySAP ActiveX Exploit This module exploits a vulnerability in the kwedit.dll control included in the EnjoySAP application. The exploit is triggered when the PrepareToPostHTML() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. Windows Exploits/Client Side
EMC RepliStor Server rep_serv Remote DoS EMC RepliStor Server is prone to a remote denial-of-service vulnerability. The vulnerability is caused due to an error in rep_srv.exe when processing network packets. Windows Denial of Service/Remote
EMC Replication Manager Client irccd.exe Misconfiguration Exploit The best practice for installations of EMC Replication Manager is to register a Replication Manager Client (irccd.exe) instance with the appropiate Replication Manager Server (ird.exe) as soon as the client software is installed on a host. Registration is performed by Replication Manager administrators from within the Replication Manager Server. Windows Exploits/Remote Code Execution
EMC NetWorker nsrd RPC Service Format String Exploit Update A Format string vulnerability in the nsrd RPC service within EMC NetWorker? allows remote attackers to execute arbitrary code via format string specifiers in a crafted message. This update adds Linux Support. Linux Exploits/Remote
EMC NetWorker nsrd RPC Service Format String Exploit A Format string vulnerability in the nsrd RPC service within EMC NetWorker? allows remote attackers to execute arbitrary code via format string specifiers in a crafted message. Linux Exploits/Remote
EMC HomeBase SSL Service Remote Code Execution Exploit This module exploits a path traversal vulnerability in the SSL service of EMC HomeBase Server. Windows Exploits/Remote