Core Certified Exploits
We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.
Subscribe to receive regular updates by email:
Browse All Exploits
|Title||Description||Date Added||CVE Link||Exploit Platform||Exploit Type|
|PhpCollab editclient.php PHP File Upload Remote Code Execution Exploit||PhpCollab is vulnerable to an unauthenticated php remote file inclusion, allowing attackers to execute arbitrary php code in the system.||June 6, 2018||CVE-2017-6090||Windows, Linux||Exploits / Remote File Inclusion / Known Vulnerabilities|
|Phpldapadmin orderby Remote Code Execution Exploit||Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to "query_engine", "query" is set to "none", and "search" is set to e.g. "1") is not properly sanitised in lib/functions.php before being used in a "create_function()" function call. This can be exploited to inject and execute arbitrary PHP code.||January 3, 2012||CVE-2011-4075||Linux||Exploits/Remote|
|PHPMailer Remote Command Execution Exploit||PHPMailer is prone to a abuse the mailSend function. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
||March 13, 2017||CVE-2016-10033||Linux||Exploits / OS Command Injection / Known Vulnerabilities|
|PHPMailer Remote Command Execution Exploit Update||PHPMailer is prone to a abuse the mailSend function. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
This updates adds x86/x64 and HTTP/HTTPS Channel Support.
|April 12, 2017||CVE-2016-10033||Linux||Exploits / OS Command Injection / Known Vulnerabilities|
|PHPMailer Remote Command Execution Exploit Update 2||PHPMailer is prone to a abuse the mailSend function. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
This fixes a small try/catch exception error.
|April 12, 2017||CVE-2016-10033||Linux||Exploits / OS Command Injection / Known Vulnerabilities|
|Phpmyadmin error BBcode Injection Exploit||In error.php, PhpMyAdmin permits users to insert text and restricted tags (like BBCode). With the tag [a@url@page]Click Me[/a] you can insert your own page, and redirect all users to that page. This can be used to direct users to a page hosting an OS agent.||February 22, 2011||Linux||Exploits/Client Side|
|phpMyAdmin index.php Local File Inclusion Vulnerability Exploit||phpMyAdmin is vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by the application.||October 31, 2018||CVE-2018-12613||Windows, Linux||Exploits / Local File Inclusion|
|phpMyAdmin Post Auth Remote Code Exploit||phpMyAdmin is prone to a regexp abuse via an eval modifier which can be found in old PHP versions. This vulnerability allows authenticated attackers to run arbitrary php code on the affected server.
PHP versions 4.3.0-5.4.6 had a "feature" which allowed users to run a RegExp Pattern Modifier using PREG_REPLACE_EVAL and may lead to execute code.
phpMyAdmin had an issue in their code that can be exploited from a table replace call.
|September 9, 2016||CVE-2016-5734||Linux||Exploits / OS Command Injection / Known Vulnerabilities|
|PHPMyAdmin Replace Table Prefix Remote Code Execution Exploit||This module abuses a vulnerability in phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 that allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.||May 17, 2013||CVE-2013-3238||Linux||Exploits/Remote|
|PHPMyAdmin Server_databases Remote Code Execution Exploit||This module exploits a vulnerability in PHPMyAdmin. server_databases.php fails when it attemps to sanitize the sort_by parameter. It allows an attacker to inject code, and execute it on the web server with www-data privileges.||February 24, 2009||CVE-2008-4096||Linux||Exploits/Remote|
|Phpmyadmin Server_databases Remote Code Execution Exploit Update||This updates provides more readable log messages when specific errors occur and improves the reliability of the exploit.||September 22, 2009||CVE-2008-4096||Linux||Exploits/Remote|
|PHPMyAdmin Setup Config Remote Code Execution Exploit||Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 18.104.22.168 and 3.x before 22.214.171.124 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.||July 30, 2009||CVE-2009-1151||Linux||Exploits/Remote Code Execution|
|PHPMyAdmin Setup Config Remote Code Execution Exploit Update||This update adds support for Solaris and Mac OS X platforms.||December 1, 2011||CVE-2009-1151||Solaris||Exploits/Remote|
|PhpMyAdmin Unserialize Remote Code Execution Exploit||phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default.||February 4, 2010||CVE-2009-4605||Windows||Exploits/Remote|
|PhpMyAdmin Unserialize Remote Code Execution Exploit Update||phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default. This update adds support for Solaris and Mac OS X.||December 20, 2011||CVE-2009-4605||Windows||Exploits/Remote|
|phpScheduleit 1.2.10 Remote Code Execution Exploit||Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.||July 5, 2009||CVE-2008-6132||Windows||Exploits/Remote|
|phpScheduleit 1.2.10 Remote Code Execution Exploit Update||Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. This update adds support for the Solaris and FreeBSD platforms.||October 5, 2011||CVE-2008-6132||Windows||Exploits/Remote|
|Pidgin MSNSLP Arbitrary Write Exploit||The vulnerability is caused due to boundary errors in libpurple.dll within the processing of MSNSLP messages. This can be exploited to cause a stack-based buffer overflow without user interaction. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.||August 17, 2009||CVE-2009-2694||Windows||Exploits/Client Side|
|Pidgin MSNSLP Arbitrary Write Exploit Update||The vulnerability is caused due to boundary errors in libpurple.dll within the processing of MSNSLP messages. This can be exploited to cause an arbitrary write without user interaction. This module updates the MSN library, because of minor changes in the handling of the HTTP encapsulation of the MSN protocol within the Microsoft MSN server.||July 29, 2010||CVE-2009-2694||Windows||Exploits/Client Side|
|PineApp Mail-SeCure ldapsynchnow.php Remote Code Execution Exploit||This module exploits a vulnerability present in PineApp Mail-SeCure. The specific flaw exists within the component ldapsynchnow.php, which lacks proper sanitization, thus allowing command injection.||October 24, 2013||Linux||Exploits/Remote|
|Pixia wintab32 DLL Hijacking Exploit||Pixia is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder as a .PXA file. The attacker must entice a victim into opening a specially crafted .PXA file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.||February 16, 2011||Windows||Exploits/Client Side|
|PKZIP dwmapi DLL Hijacking Exploit||PKZIP is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .ZIPX file.||December 2, 2010||Windows||Exploits/Client Side|
|Plone popen2 Remote Command Execution Exploit||This module exploits a remote command execution vulnerability in the Zope web application server used by Plone, by sending a specially crafted HTTP request to the affected web site. The vulnerability exists because it is possible to remotely invoke the popen2 function from the Python os package with arbitrary arguments in the context of the affected server. This can be exploited by remote unauthenticated attackers to execute arbitrary code on the vulnerable machine.||January 30, 2012||CVE-2011-3587||FreeBSD||Exploits/Remote|
|Pointdev IDEAL Administration IPJ Buffer Overflow Exploit||This module exploits a vulnerability in Pointdev IDEAL Administration, when importing a project file, may allow a remote unprivileged user who provides a crafted IPJ document that is opened by a local user to execute code on the system with the privileges of the user running Pointdev IDEAL Administration. This can be exploited to cause a stack based buffer overflow when a specially crafted file is imported.||May 19, 2011||Windows||Exploits/Client Side|
|Pointdev IDEAL Migration IPJ Buffer Overflow Exploit||Pointdev IDEAL Migration is prone to a stack-based buffer-overflow vulnerability because the applications fail to perform adequate boundary checks on user-supplied data, when handling .IPJ files.||July 27, 2010||Windows||Exploits/Client Side|