Core Impact Pro Exploits and Security Updates

Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort ascending Platform
Joomla com_contenthistory SQL Injection This module exploits a SQL Injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors CVE-2015-7297 Exploits/SQL Injection/Known Vulnerabilities Linux
Magento eCommerce Web Sites Deserialization Remote Code Execution Exploit This module uses an unauthenticated deserialization vulnerability in Magento eCommerce Web Sites to perform an arbitrary write file to gain arbitrary PHP code execution on the affected system. CVE-2016-4010 Exploits/Authentication Weakness/Known Vulnerabilities none
Magento eCommerce Web Sites Remote Code Execution Exploit Magento eCommerce Web Sites suffers from a Authentication Bypass Vulnerability, a Blind SQL Injection Vulnerability and a Remote File Inclusion Vulnerability. These 3 vulnerabilities, allows an attacker to gain arbitrary code execution on the affected system. CVE-2015-1397 Exploits/Authentication Weakness/Known Vulnerabilities none
Spring Boot Default Error Page Expression Language Injection Exploit Spring Boot Framework 1.2.7 provides a default error page (also known as "Whitelabel Error Page"), that's prone to Spring Expression Language injection when the type of a parameter expected is not expected to be a string but a string is provided. Applications based on Spring Boot that don't deactivate the feature, or customize it in such a way as to stop the injection, are thus susceptible to execution of some Java statements and, in particular, to OS command injections. This module checks all the parameters in the given pages and, if at least one parameter is vulnerable to the injection, installs an OS Agent. CVE-2013-1966 Exploits/OS Command Injection/Known Vulnerabilities Windows, Linux, Solaris
Apache Struts 2 REST Plugin Remote Code Execution Exploit The REST plugin in the Apache Struts 2 framework is prone to a remote code execution vulnerability when evaluating OGNL expressions when Dynamic Method Invocation is enabled. This vulnerability allows remote attackers to execute arbitrary Java code on the affected server. This module exploits the vulnerability in any web application built on top of vulnerable versions of Apache Struts 2 making use of the REST plugin with the Dynamic Method Invocation feature enabled. CVE-2016-3087 Exploits/OS Command Injection/Known Vulnerabilities Windows, Linux
Drupal core SQL injection Exploit Update This update is to add the exploit in order to attack Drupal core CMS 7.x versions prior to 7.32 using default configuration (CVE-2014-3704). CVE-2014-3704 Exploits/OS Command Injection/Known Vulnerabilities Windows, Linux
Joomla User Agent Object Injection Exploit This module exploits a remote code execution vulnerability in Joomla. The session handling code is susceptible to PHP Object Injection attacks due to lack of sanitization in some HTTP headers that are saved to the database session backend. CVE-2015-8562 Exploits/OS Command Injection/Known Vulnerabilities Linux
phpMyAdmin Post Auth Remote Code Exploit phpMyAdmin is prone to a regexp abuse via an eval modifier which can be found in old PHP versions. This vulnerability allows authenticated attackers to run arbitrary php code on the affected server. PHP versions 4.3.0-5.4.6 had a "feature" which allowed users to run a RegExp Pattern Modifier using PREG_REPLACE_EVAL and may lead to execute code. phpMyAdmin had an issue in their code that can be exploited from a table replace call. The general idea is to insert a crafted regexp eval record format, and then trigger it via a find and replace function with system commands For that purpose, the exploit will try to use any existing cookies of that host, or the username and password provided. Once logged in, if the user provided a database, it will be used. If not, we will search for existing databases. The attack will not leave any trace. This exploit installs an OS Agent. CVE-2016-5734 Exploits/OS Command Injection/Known Vulnerabilities Linux
Drupal RESTWS Module PHP Remote Command Injection Exploit RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. NOCVE-9999-75002 Exploits/OS Command Injection/Known Vulnerabilities Linux
SugarCRM REST Unserialize PHP Exploit This module exploits an unauthenticated PHP Injection vulnerability abusing the unserialize() function. NOCVE-9999-79965 Exploits/OS Command Injection/Known Vulnerabilities Linux
WordPress Landing Pages Plugin Remote Command Execution This update introduces an OS Command Injection Exploit for the "Wordpress Landing Pages" plugin. CVE-2015-5227 Exploits/OS Command Injection/Known Vulnerabilities Linux
Ruby on Rails Action Pack Inline Exec Exploit Action Pack in Ruby on Rails allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. CVE-2016-2098 Exploits/OS Command Injection/Known Vulnerabilities Linux
Ruby on Rails Action View Directory Traversal Exploit This vulnerability allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method. Combining this with log injection, remote code execution can be achieved. CVE-2016-0752 Exploits/OS Command Injection/Known Vulnerabilities Linux
Joomla User Agent Object Injection Exploit Update This module exploits a remote code execution vulnerability in Joomla. The session handling code is susceptible to PHP Object Injection attacks due to lack of sanitization in some HTTP headers that are saved to the database session backend. This update fixes an issue which made the exploit abort before running. CVE-2015-8562 Exploits/OS Command Injection/Known Vulnerabilities Linux
FCKeditor CurrentFolder Parameter Arbitrary File Upload Exploit FCKeditor is prone to an arbitrary-file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-2265 Exploits/Remote File Inclusion/Known Vulnerabilities none
osCommerce Arbitrary File Upload Exploit osCommerce Online Merchant 2.2 RC2a is vulnerable to an Arbitrary File Upload without the need to be authenticated. This leads to arbitrary PHP code execution in the context of the webserver. This module tries to install a RFI agent if the Web Application is vulnerable. It will fail if the webserver is not allowed to write on the document root of the vulnerable web application. NOCVE-9999-40096 Exploits/Remote File Inclusion/Known Vulnerabilities none
Mambo output Remote File Inclusion Exploit A remote file inclusion vulnerability is present in Mambo. /includes/Cache/Lite/Output.php doesn't sanitize the $mosConfig_absolute_path before using it in an include. CVE-2008-2905 Exploits/Remote File Inclusion/Known Vulnerabilities none
nuBuilder Remote File Inclusion Exploit Report.php fails to sanitize user input data on StartingDirectory parameter when used in an include. NOCVE-9999-44562 Exploits/Remote File Inclusion/Known Vulnerabilities none
pPim Remote File Inclusion Exploit This module exploits a vulnerability in pPIM's upload.php script that allows attackers to upload arbitrary scripts of any type to the target server. NOCVE-9999-36557 Exploits/Remote File Inclusion/Known Vulnerabilities none
Drupal core - SQL injection Exploit This update is to add the exploit in order to attack Drupal core CMS 7.x versions prior to 7.32 using default configuration (CVE-2014-3704). CVE-2014-3704 Exploits/SQL Injection Windows, Linux
OpenSite 2.1 Weak Authentication Exploit This module exploits an authentication vulnerability in OpenSite 2.1. The function init in origin/libs/user.php checks for a matching origin_hash cookie. However, this cookie can be bruteforced in at most 2^32 tries for a known username. Actually, the number of attempts could be significantly reduced knowing that we do not have to check for time in the future, and long past. This works for OpenSite 2.1 and below. NOCVE-9999-36572 Exploits/Authentication Weakness none
MyBB Privilege Escalation Exploit A vulnerability has been reported in MyBB, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "birthdayprivacy" parameter to inc/datahandlers/user.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires a valid user account. The vulnerability is reported in MyBB 1.4.x versions prior to 1.4.7. NOCVE-9999-38921 Exploits/Authentication Weakness none
Wordpress Password Reset Exploit A weakness has been reported in WordPress which can be exploited to bypass certain security restrictions. The weakness is due to a bug within the password reset functionality when verifying the secret key. This can be exploited to reset the password of the first user without a key in the database (usually administrator) without providing the correct secret key. NOCVE-9999-39525 Exploits/Authentication Weakness none
Wordpress Weak Authentication Exploit An attacker, able to register a specially crafted username on a Wordpress 2.5 installation, will also be able to generate authentication cookies for other chosen accounts. This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection. The proper way to exploit this vulnerability is to use a Wordpress account which its username starts with the word "admin", for example "admin99". This exploit will not be shown on WebApps reports. CVE-2008-1930 Exploits/Authentication Weakness none
HP Intelligent Management FaultDownloadServlet Directory Traversal Exploit This module exploits a directory traversal vulnerability in HP Intelligent Management Center. Due to a lack of authentication and a directory traversal vulnerability in the FaultDownloadServlet component, an attacker can retrieve arbitrary files. CVE-2012-5202 Exploits/Remote File Disclosure Windows
HP Intelligent Management IctDownloadServlet Directory Traversal Exploit This module exploits a directory traversal vulnerability in HP Intelligent Management Center. Due to a lack of authentication and a directory traversal vulnerability in the IctDownloadServlet component, an attacker can retrieve arbitrary files. CVE-2012-5204 Exploits/Remote File Disclosure Windows
OpenSSH xauth Command Injection Vulnerability Exploit An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie. The newline acts as a command separator to the xauth binary. The injected xauth commands are performed with the effective permissions of the logged in user. This attack requires the server to have 'X11Forwarding yes' enabled. This module injects source xauth command to retrieve arbitrary files. CVE-2016-3115 Exploits/Remote File Disclosure Linux
Exploit Improvements Update Package This update improves exploit functionality and exploit documentation. CVE-2009-3676 Denial of Service/Client Side Windows
Microsoft Windows Embedded OpenType Fonts Integer Overflow DoS (MS09-065) This module causes a DoS in win32k.sys when attempts to render an embedded font. WARNING: This is an early release module. CVE-2009-2514 Denial of Service/Client Side Windows
Microsoft Windows TrueType Font Parsing Vulnerability Clientside DoS (MS11-087) When a crafted TTF file is processed by Windows kernel it produces a stack exhaustion finishing it in a BSoD. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-3402 Denial of Service/Client Side Windows