Exploits and Security Updates to Core Impact Threat Intelligence

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

The table below lists Core Impact exploits and other modules, with the vulnerability identifier, module category and target platform for each.

Title | Description | Vulnerability | Category | Platform
Solarwinds LEM Management Virtual Appliance Shell Escape OS Command Injection Exploit | Insufficient input validation in the management interface of Solarwinds LEM Management Virtual Appliance v6.3.1 can be leveraged to execute arbitrary commands. This can lead to shell access to the underlying operating system as root. | NOCVE-9999-92480 | Exploits/Remote | Linux
Linux Kernel DCCP_PKT_REQUEST Privilege Escalation Exploit | This module exploits a double-free vulnerability in the Linux kernel. The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to escalate privileges via an application that makes an IPV6_RECVPKTINFO setsockopt system call. | CVE-2017-6074 | Exploits/Local | Linux
UCanCode E-XD Visualization Enterprise Suite UCCDRAW AddStringUserProperty Untrusted Pointer Dereference Exploit | The specific flaw exists within the processing of the AddStringUserProperty method of the UCCDRAW.UCCDrawCtrl.1 ActiveX control. The process does not properly validate a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. | NOCVE-9999-92371 | Exploits/Client Side | Windows
Linux Kernel SO_SNDBUFFORCE Privilege Escalation Exploit | This module exploits a signedness issue in the Linux kernel. The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to escalate privileges. | CVE-2016-9793 | Exploits/Local | Linux
Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10007 Command Injection Exploit | The specific flaw exists within the dbman.exe service, which listens on TCP port 2810 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. | CVE-2017-5817 | Exploits/Remote | Windows
Trend Micro InterScan Web Security Virtual Appliance doPostMountDevice OS Command Injection Exploit | Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability that allows attackers to execute system commands. | NOCVE-9999-91565 | Exploits/Remote | Linux
Microsoft Office Word OLE2Link OLE Object Exploit Update | This module exploits a vulnerability in Microsoft Office Word. The flaw is related to how Microsoft Word handles OleLink objects. It is possible to open an RTF file and execute arbitrary code in vulnerable installations of Microsoft Office Word. This vulnerability was originally seen being exploited in the wild starting in October 2016. This module adds support for Microsoft Office 2010, Microsoft Office 2013 and Microsoft Office 2016. | CVE-2017-0199 | Exploits/Client Side | Windows
Samba Pipe dlopen Remote Code Execution Exploit | This module installs a level0 agent by writing a .so library and requesting an open pipe on the remote host. | CVE-2017-7494 | Exploits/Remote | Linux
Joomla com_fields SQL Injection Exploit | This module exploits a SQL injection vulnerability in Joomla which allows gathering users and password hashes by parsing SQL error output. | CVE-2017-8917 | Exploits/SQL Injection/Known Vulnerabilities | Linux
Magento eCommerce Web Sites RetrieveImage.php Arbitrary File Upload Exploit | This module uses an arbitrary file upload vulnerability in Magento eCommerce Web Sites to gain arbitrary code execution on the affected system. Authentication is required to access the administrative panel. | NOCVE-9999-87682 | Exploits/Remote File Inclusion/Known Vulnerabilities | none
Microsoft Windows COM Aggregate Marshaler Type Confusion Exploit | An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. | CVE-2017-0213 | Exploits/Local | Windows
Microsoft Windows SMB Pool Overflow Remote Code Execution (MS17-010) | This module exploits the MS17-010 vulnerability by taking advantage of a remote pool overflow in the SMB transaction handling code of the Windows SMB driver. | CVE-2017-0143 | Exploits/Remote | Windows
Microsoft Office Malformed EPS Use-After-Free File Vulnerability Exploit | A use-after-free in Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS file in an Office document, leading to improper memory allocation. | CVE-2017-0261 | Exploits/Client Side | Windows
Nuxeo Platform CMS Directory Traversal Vulnerability JSP File Upload Exploit | This module uses a directory traversal vulnerability in the file import feature of Nuxeo Platform CMS to upload a JSP and gain arbitrary code execution on the affected system. | CVE-2017-5869 | Exploits/Remote File Inclusion/Known Vulnerabilities | none
Microsoft Office Word OLE2Link OLE Object Exploit | This module exploits a vulnerability in Microsoft Office Word. The flaw is related to how Microsoft Word handles OleLink objects. It is possible to open an RTF file and execute arbitrary code in vulnerable installations of Microsoft Office Word. This vulnerability was originally seen being exploited in the wild starting in October 2016. WARNING: This is an early release module. This is not the final version of this module. It is a pre-release version, delivered as quickly as possible to our customers because it may be useful in some situations. Since this module is not the final version, it may contain bugs or have limited functionality, and may not have complete or accurate documentation. | CVE-2017-0199 | Exploits/Client Side | Windows
Microsoft Windows ERRATICGOPHER SMB Remote Code Execution Update | ErraticGopher exploits a memory corruption (apparently a heap overflow) in the Windows DCE-RPC call MIBEntryGet. This version adds XP SP3 support. | NOCVE-9999-87537 | Exploits/Remote | Windows
DiskBoss Enterprise GET Buffer Overflow Exploit | Disk Sorter Enterprise server is prone to a buffer overflow vulnerability when handling a crafted GET request. This can trigger an overflow in a fixed-size internal memory buffer and install an agent with SYSTEM privileges. | NOCVE-9999-87376 | Exploits/Remote | Windows
Microsoft Windows ERRATICGOPHER SMB Remote Code Execution | ErraticGopher exploits a memory corruption (apparently a heap overflow) in the Windows DCE-RPC call MIBEntryGet. | NOCVE-9999-87537 | Exploits/Remote | Windows
Microsoft Windows SMB Remote Code Execution (MS17-010) Detector | This module detects whether MS17-010 is patched on a remote host. | CVE-2017-0143 | Exploits/Remote | Windows
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution Exploit | This module exploits two vulnerabilities in Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi, which resets the admin password back to 'admin' upon a reboot. This is useful if the password for the admin user is unknown. The second is an authenticated command injection flaw using the timezone parameter in the admin_sys_time.cgi interface. | CVE-2016-7547 | Exploits/Remote Code Execution | Linux
Microsoft Windows OLE Package Manager Code Execution Exploit (MS14-064) Update | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document. This update fixes agent size problems. | CVE-2014-6352 | Exploits/Client Side | Windows
HPE Intelligent Management Center Java RMI Registry Deserialization Vulnerability Remote Code Execution Exploit | HPE Intelligent Management Center is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the RMI Registry service used to manage and monitor the Java Virtual Machine. | CVE-2017-5792 | Exploits/Remote | Windows
PHPMailer Remote Command Execution Exploit Update | PHPMailer is prone to abuse of the mailSend function. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. This update adds x86/x64 and HTTP/HTTPS channel support. | CVE-2016-10033 | Exploits/OS Command Injection/Known Vulnerabilities | Linux
PHPMailer Remote Command Execution Exploit Update 2 | PHPMailer is prone to abuse of the mailSend function. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. This update fixes a small try/catch exception error. | CVE-2016-10033 | Exploits/OS Command Injection/Known Vulnerabilities | Linux
Boonex Dolphin PHP File Upload Remote Code Execution Exploit | Authentication bypass and upload of a file with a dangerous type in Boonex Dolphin <= 7.3.2 allows remote unauthenticated attackers to affect integrity and availability via PHP remote file inclusion. | NOCVE-9999-85482 | Exploits/Remote File Inclusion/Known Vulnerabilities | none
Sync Breeze Enterprise GET Buffer Overflow Exploit | Sync Breeze Enterprise is prone to a buffer overflow when handling an overly long HTTP GET request packet. | NOCVE-9999-86102 | Exploits/Remote | Windows
3S-Smart Software Solutions GmbH CODESYS Web Server Upload Restricted File and Buffer Overflow Exploit | A specially crafted web server request may allow the upload of arbitrary files to the CODESYS Web Server without authorization, which may allow remote code execution. A malicious user could overflow a buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code. | CVE-2017-6027 | Exploits/Remote | Windows
IIS WebDav ScStoragePathFromUrl Remote Code Execution Exploit Update | A buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. This update adds support for the "Connect to" agent connection method and more supported platforms. | CVE-2017-7269 | Exploits/Remote | Windows
IIS WebDav ScStoragePathFromUrl Remote Code Execution Exploit | A buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. | CVE-2017-7269 | Exploits/Remote | Windows
Micro Focus Rumba WdMacCtl ActiveX Exploit | Micro Focus Rumba is prone to a buffer overflow when PlayMacro() within WdMacCtl.ocx is used with an overly long MacroName argument. | CVE-2016-5228 | Exploits/Client Side | Windows