Core Impact Security and Penetration Testing Updates

Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

We provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.


| Title | Description | Vulnerability | Category | Platform |
|---|---|---|---|---|
| Linux waitid Privilege Escalation Exploit | The waitid implementation in upstream kernels did not restrict the destination to which it copies result information. This allows local users to write to otherwise protected kernel memory, which can lead to privilege escalation. | CVE-2017-5123 | Exploits/Local | Linux |
| pfSense system groupmanager Command Execution Exploit | This module exploits a post-authentication vulnerability in pfSense by abusing the system_groupmanager.php page, which allows authenticated users to obtain code execution. | NOCVE-9999-99510 | Exploits/OS Command Injection/Known Vulnerabilities | FreeBSD |
| IKARUS anti.virus ntguard_x64 Local Privilege Escalation | This vulnerability allows local attackers to escalate privileges on vulnerable installations of IKARUS anti.virus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of crafted IOCTL 0x8300000c by the ntguard_x64.sys kernel driver. The issue lies in the failure to properly validate user-supplied data, which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to elevate privileges in the context of the kernel. | CVE-2017-14961 | Exploits/Local | Windows |
| TrendMicro Officescan Widget Remote Command Execution Exploit | Trend Micro OfficeScan is prone to an authentication bypass through the talker.php function. Combined with the TMCSS module passing unvalidated user-supplied input to system calls, this allows execution of arbitrary code. | CVE-2017-11394 | Exploits/OS Command Injection/Known Vulnerabilities | Windows |
| DotCMS ajax_file_upload Arbitrary File Upload Vulnerability Exploit | This module exploits an arbitrary file upload in DotCMS to install an agent. | NOCVE-9999-97138 | Exploits/Remote File Inclusion/Known Vulnerabilities | Windows, Linux |
| REDDOXX Appliance ExecuteDiag Remote Command Injection Exploit | This module exploits a command injection vulnerability in REDDOXX Appliance to install an agent. | NOCVE-9999-98541 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
| Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Exploit Update | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr12xx kernel driver. The issue lies in the failure to properly validate user-supplied data, which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel. | CVE-2017-14075 | Exploits/Local | Windows |
| Dup Scout Enterprise Username Buffer Overflow Exploit | Dup Scout is prone to a buffer overflow when handling an overly long username. | NOCVE-9999-98891 | Exploits/Remote | Windows |
| Microsoft Office Memory Corruption Exploit (CVE-2017-11882) | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. | CVE-2017-11882 | Exploits/Client Side | Windows |
| NVIDIA DxgDdiEscape Handler Privilege Escalation Exploit Update | NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D, where a value passed from a user to the driver is used without validation, leading to escalation of privileges. This update improves the reliability and speed of the attack. | CVE-2016-7387 | Exploits/Local | Windows |
| Trend Micro Mobile Security for Enterprise upload_img_file Arbitrary File Upload Vulnerability Exploit | This module exploits an arbitrary file upload in Trend Micro Mobile Security for Enterprise to install an agent. | CVE-2017-14079 | Exploits/Remote File Inclusion/Known Vulnerabilities | Windows |
| Microsoft Office Memory Corruption Exploit (CVE-2017-11826) | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. | CVE-2017-11826 | Exploits/Client Side | Windows |
| WECON LeviStudio HMI Editor Buffer Overflow Exploit | Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; an attacker may then be able to crash the application or run arbitrary code. | CVE-2017-13999 | Exploits/Client Side | Windows |
| CyberGhost CG6Service Service SetPeLauncherState Vulnerability Local Privilege Escalation Exploit Update | The CG6Service service in CyberGhost exposes a SetPeLauncherState method that allows a user to launch a debugger automatically for a chosen process. This can be abused by an attacker to gain SYSTEM privileges by attaching to a SYSTEM process. This update fixes a minor bug. | NOCVE-9999-85362 | Exploits/Local | Windows |
| Adobe ColdFusion Java JMX-RMI Remote Code Execution Exploit | Adobe ColdFusion is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine. | CVE-2017-11283 | Exploits/Remote | Windows |
| VX Search Enterprise POST Buffer Overflow Exploit | VX Search Enterprise is prone to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. | CVE-2017-15220 | Exploits/Remote | Windows |
| Lepide Auditor Suite createdb Web Console Database Injection Remote Code Execution Vulnerability Exploit | The application allows an attacker to specify the server used to perform authentication. That server also allows attacker-controlled SQL to be executed directly against the database. This module abuses these vulnerabilities in order to execute an agent as SYSTEM. | NOCVE-9999-96866 | Exploits/Remote | Windows |
| EFS Chat Server POST Buffer Overflow Exploit | The Username parameter of the registration page 'register.ghp' is prone to a stack-based buffer overflow vulnerability. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. | NOCVE-9999-92479 | Exploits/Remote | Windows |
| Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Exploit | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr12xx kernel driver. The issue lies in the failure to properly validate user-supplied data, which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel. | CVE-2017-14075 | Exploits/Local | Windows |
| Apache Tomcat readonly Initialisation Parameter JSP Remote Code Execution Exploit | Apache Tomcat allows unauthenticated users to upload JSP files via a specially crafted request when the readonly initialization parameter of the Default servlet is set to false. | CVE-2017-12617 | Exploits/Remote | Linux, Windows |
| SyncBreeze POST Username Buffer Overflow Exploit | The vulnerability is a buffer overflow when parsing a POST request with a crafted username. | NOCVE-9999-96929 | Exploits/Remote | Windows |
| ATutor AContent ims_import.php Zip File Upload Directory Traversal PHP Remote Code Execution Exploit | This module exploits a zip file upload directory traversal in ATutor AContent to install an agent. | NOCVE-9999-95359 | Exploits/Remote File Inclusion/Known Vulnerabilities | |
| PCMan FTP Server USER Command Buffer Overflow Exploit Update | PCMan's FTP Server is prone to a buffer overflow when handling an overly long USER command. This update improves the exploit's reliability. | CVE-2013-4730 | Exploits/Remote | Windows |
| Exploit fixes | This update fixes several unrelated issues in the exploit component. | CVE-2011-1907 | Exploits/Remote | Linux, Windows, Solaris, AIX |
| Microsoft .NET Framework SOAP WSDL Parser Code Injection (CVE-2017-8759) | A vulnerability exists in the Microsoft .NET Framework. A specially crafted RTF document or application can trigger an input validation flaw and execute arbitrary code on the target user's system. | CVE-2017-8759 | Exploits/Client Side | Windows |
| Schneider Electric U.motion Builder file_picker.php Directory Traversal Arbitrary File Upload Remote Code Execution Exploit | This module exploits a directory traversal arbitrary file upload in Schneider Electric U.motion Builder to install an agent. | NOCVE-9999-95622 | Exploits/Remote File Inclusion/Known Vulnerabilities | |
| MS17-010 Detector update | This update fixes an issue in how the vulnerability is reported. | CVE-2017-0143 | Exploits/Remote | Windows |
| Apache Struts 2 REST Plugin XStream Exploit | This module exploits a Java deserialization bug in the Apache Struts REST plugin's XStreamHandler, which allows remote users to obtain code execution. | CVE-2017-9805 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
| Delta Industrial Automation WPLSoft File Parsing Buffer Overflow Exploit | The specific flaw exists within the processing of DVP files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. | NOCVE-9999-95623 | Exploits/Client Side | Windows |
| Fuji Electric Monitouch V-SFT Project File Buffer Overflow Exploit | The specific flaw exists within the parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. | CVE-2017-9659 | Exploits/Client Side | Windows |
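The Apache Tomcat entry above (CVE-2017-12617) hinges on a single configuration value. The following is an added illustration, not code from Core Impact or from the Tomcat project: it shows the Default servlet declaration as it appears in a Tomcat conf/web.xml with the exploitable setting, followed by the hardened form. The servlet-name, servlet-class and readonly parameter names are Tomcat's own; the surrounding init-params are a minimal excerpt and the rest of the file is omitted.

```xml
<!-- conf/web.xml, Default servlet: EXPLOITABLE form.
     readonly=false lets the DefaultServlet honour PUT/DELETE, which is
     the precondition the CVE-2017-12617 module relies on to drop a JSP. -->
<servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
        <param-name>listings</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>readonly</param-name>
        <param-value>false</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<!-- HARDENED form: either set readonly=true explicitly, or remove the
     init-param entirely (true is the DefaultServlet's default value).
     Unauthenticated PUT and DELETE are then rejected. -->
<servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
        <param-name>listings</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>readonly</param-name>
        <param-value>true</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
```

When auditing a Tomcat host, check every web application's WEB-INF/web.xml as well as the global conf/web.xml, since an application can override the Default servlet's init-params for its own context; a readonly=false anywhere in that chain is the condition the module looks for, and upgrading Tomcat alone without reviewing it leaves PUT-based uploads enabled by design.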