Expert validated exploits for safe and effective pen tests
Exploit development can be an advanced penetration testing skill that takes time to master. Additionally, when on a job, pen testers often don’t have the resources to create a new exploit. Many resort to searching for and using pre-written exploits that have not been tested and must go through the timely effort of quality assurance testing in order to ensure they are secure and effective.
Core Impact users can save time by finding all the up-to-date exploits they need in one place. We provide a robust library of exploits designed to enable pen testers to safely and efficiently conduct successful penetration tests. Whether written by our own internal team or by a third party like ExCraft, you can trust they have been thoroughly tested and validated by our experts.
Stay Informed of New Core Certified Exploits
Subscribe to receive regular email updates on new exploits available for Core Impact
Browse the Core Certified Exploit Library
We provide pen testers with real-time updates for a wide range of exploits for different platforms, operating systems, and applications.
Search our continuously growing library to discover an exploit that will allow you to gain and retain access on the target host or application.
Spring Framework Spring4Shell Remote Code Execution Exploit
An unsafe data binding used to populate an object from request parameters (either query parameters or form data) to set a Tomcat specific ClassLoader in Spring MVC and Spring WebFlux applications allows unauthenticated attackers to upload and execute a JSP file in the Tomcat virtual file system webapps directory.
Tenda routers G3 could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability in function formSetNetCheckTools. By sending a specially-crafted request using the hostName parameter, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Exploits / Remote Code Execution
ScriptCase 9.7.016 - Arbitrary File Deletion
ScriptCase 9.7.016 is vulnerable for Arbitrary File Deletion from admin's account Authorized attacker can delete any file in the system
Linux Kernel watch_queue Local Privilege Escalation Exploit
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel's watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369.
A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. As an example, this could allow an attacker to impersonate another VPN user and establish a Clientless SSL VPN or AnyConnect VPN session to the device as that user
Remote Denial Of Service in GenBroker.exe version 9.00.166.01 for Windows (32-bit) on windows xp sp3 rus
Denial of Service / Remote
Indigo Scada Info Disclosure
Indigo Scada Information Disclosure
Exploits / Remote File Disclosure
Veeam Backup and Replication ExecuteUploadManagerPerformUpload Remote Code Execution Exploit
An authentication bypass in Veeam.Backup.ServiceLib.CForeignInvokerNegotiateAuthenticator.Authenticate and a file upload present in ExecuteUploadManagerPerformUpload allows an unauthenticated attacker to execute system commands with the privileges of the "IIS Worker Process" process (NT AUTHORITY\\NETWORK SERVICE)