Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates
When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.
Title | Description | Vulnerability | Category | Platform |
---|---|---|---|---|
Joomla com_fields SQL Injection Exploit | This module exploits a SQL Injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors. | CVE-2017-8917 | Exploits/SQL Injection/Known Vulnerabilities | Linux |
Joomla com_contenthistory SQL Injection | This module exploits a SQL Injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors. | CVE-2015-7297 | Exploits/SQL Injection/Known Vulnerabilities | Linux |
Magento eCommerce Web Sites Remote Code Execution Exploit | Magento eCommerce Web Sites suffer from an Authentication Bypass Vulnerability, a Blind SQL Injection Vulnerability and a Remote File Inclusion Vulnerability. These 3 vulnerabilities allow an attacker to gain arbitrary code execution on the affected system. | CVE-2015-1397 | Exploits/Authentication Weakness/Known Vulnerabilities | none |
Magento eCommerce Web Sites Deserialization Remote Code Execution Exploit | This module uses an unauthenticated deserialization vulnerability in Magento eCommerce Web Sites to perform an arbitrary file write and gain arbitrary PHP code execution on the affected system. | CVE-2016-4010 | Exploits/Authentication Weakness/Known Vulnerabilities | none |
Joomla User Agent Object Injection Exploit | This module exploits a remote code execution vulnerability in Joomla. The session handling code is susceptible to PHP Object Injection attacks due to lack of sanitization in some HTTP headers that are saved to the database session backend. | CVE-2015-8562 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
Ruby on Rails Action View Directory Traversal Exploit | This vulnerability allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method. Combining this with log injection, remote code execution can be achieved. | CVE-2016-0752 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
WordPress PHPMailer Remote Code Execution Exploit | This module exploits a PHPMailer vulnerability in WordPress abusing a Lost Password recovery action and installs an agent. | CVE-2016-10033 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
Drupal core SQL injection Exploit Update | This update adds the exploit to attack Drupal core CMS 7.x versions prior to 7.32 using default configuration (CVE-2014-3704). | CVE-2014-3704 | Exploits/OS Command Injection/Known Vulnerabilities | Windows, Linux |
Apache Struts 2 REST Plugin XStream Exploit | This module exploits a Java deserialization bug in Apache Struts REST XStreamHandler which allows users to get Code Execution. | CVE-2017-9805 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
Spring Boot Default Error Page Expression Language Injection Exploit | Spring Boot Framework 1.2.7 provides a default error page (also known as "Whitelabel Error Page") that is prone to Spring Expression Language injection when a parameter is expected to be of a non-string type but a string is provided. Applications based on Spring Boot that don't deactivate the feature, or customize it in such a way as to stop the injection, are thus susceptible to execution of some Java statements and, in particular, to OS command injections. This module checks all the parameters in the given pages and, if at least one parameter is vulnerable to the injection, installs an OS Agent. | CVE-2013-1966 | Exploits/OS Command Injection/Known Vulnerabilities | Windows, Linux, Solaris |
HPE iMC WebDMDebugServlet Java Deserialization Vulnerability Remote Code Execution Exploit | HPE Intelligent Management Center is prone to a remote vulnerability that allows attackers to take advantage of an improper validation of user-supplied data, which can result in deserialization of untrusted data in WebDMDebugServlet. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. | CVE-2017-12557 | Exploits/OS Command Injection/Known Vulnerabilities | Windows |
Apache Struts 2 REST Plugin Remote Code Execution Exploit | The REST plugin in the Apache Struts 2 framework is prone to a remote code execution vulnerability when evaluating OGNL expressions when Dynamic Method Invocation is enabled. This vulnerability allows remote attackers to execute arbitrary Java code on the affected server. This module exploits the vulnerability in any web application built on top of vulnerable versions of Apache Struts 2 making use of the REST plugin with the Dynamic Method Invocation feature enabled. | CVE-2016-3087 | Exploits/OS Command Injection/Known Vulnerabilities | Windows, Linux |
REDDOXX Appliance ExecuteDiag Remote Command Injection Exploit | This module exploits a command injection vulnerability in REDDOXX Appliance to install an agent. | NOCVE-9999-98541 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
PHPMailer Remote Command Execution Exploit Update | PHPMailer is prone to abuse of the mailSend function. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. This update adds x86/x64 and HTTP/HTTPS Channel Support. | CVE-2016-10033 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
TrendMicro Officescan Widget Remote Command Execution Exploit | TrendMicro is prone to an authentication bypass through abuse of the talker.php function. Combined with the mod TMCSS, which does not validate user-supplied input before using it to execute a system call, this leads to arbitrary code execution. | CVE-2017-11394 | Exploits/OS Command Injection/Known Vulnerabilities | Windows |
PHPMailer Remote Command Execution Exploit Update 2 | PHPMailer is prone to abuse of the mailSend function. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. This update fixes a small try/catch exception error. | CVE-2016-10033 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
pfSense system groupmanager Command Execution Exploit | This module exploits a post authentication vulnerability in pfSense by abusing the system_groupmanager.php page which allows users to get Code Execution. | NOCVE-9999-99510 | Exploits/OS Command Injection/Known Vulnerabilities | FreeBSD |
Joomla User Agent Object Injection Exploit Update | This module exploits a remote code execution vulnerability in Joomla. The session handling code is susceptible to PHP Object Injection attacks due to lack of sanitization in some HTTP headers that are saved to the database session backend. This update fixes an issue which made the exploit abort before running. | CVE-2015-8562 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
phpMyAdmin Post Auth Remote Code Exploit | phpMyAdmin is prone to a regexp abuse via an eval modifier which can be found in old PHP versions. This vulnerability allows authenticated attackers to run arbitrary PHP code on the affected server. PHP versions 4.3.0-5.4.6 had a "feature" which allowed users to run a RegExp Pattern Modifier using PREG_REPLACE_EVAL and may lead to code execution. phpMyAdmin had an issue in its code that can be exploited from a table replace call. The general idea is to insert a crafted regexp eval record format, and then trigger it via a find and replace function with system commands. For that purpose, the exploit will try to use any existing cookies of that host, or the username and password provided. Once logged in, if the user provided a database, it will be used. If not, we will search for existing databases. The attack will not leave any trace. This exploit installs an OS Agent. | CVE-2016-5734 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
Apache Struts 2 Multipart File Upload Remote Code Execution Exploit | Remote Code Execution when performing file upload based on Jakarta Multipart parser. | CVE-2017-5638 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
PHPMailer Remote Command Execution Exploit | PHPMailer is prone to abuse of the mailSend function. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | CVE-2016-10033 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
Drupal RESTWS Module PHP Remote Command Injection Exploit | RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. | NOCVE-9999-75002 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
SugarCRM REST Unserialize PHP Exploit | This module exploits an unauthenticated PHP Injection vulnerability abusing the unserialize() function. | NOCVE-9999-79965 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
Apache Struts 2 Multipart File Upload Remote Code Execution Exploit Update | Remote Code Execution when performing file upload based on Jakarta Multipart parser. This update adds support for Linux x86_64 distributions. | CVE-2017-5638 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
WordPress Landing Pages Plugin Remote Command Execution | This update introduces an OS Command Injection Exploit for the "WordPress Landing Pages" plugin. | CVE-2015-5227 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
OrientDB Remote Command Execution Exploit | This module exploits a privilege escalation vulnerability in OrientDB by abusing SQL queries on OUser/ORole without the privileges, which allows users to get Code Execution. | CVE-2017-11467 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
Ruby on Rails Action Pack Inline Exec Exploit | Action Pack in Ruby on Rails allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. | CVE-2016-2098 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
Trend Micro Mobile Security for Enterprise upload_img_file Arbitrary File Upload Vulnerability Exploit | This module exploits an arbitrary file upload in Trend Micro Mobile Security for Enterprise to install an agent. | CVE-2017-14079 | Exploits/Remote File Inclusion/Known Vulnerabilities | Windows |
FCKeditor CurrentFolder Parameter Arbitrary File Upload Exploit | FCKeditor is prone to an arbitrary-file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. | CVE-2009-2265 | Exploits/Remote File Inclusion/Known Vulnerabilities | none |
pPim Remote File Inclusion Exploit | This module exploits a vulnerability in pPIM's upload.php script that allows attackers to upload arbitrary scripts of any type to the target server. | NOCVE-9999-36557 | Exploits/Remote File Inclusion/Known Vulnerabilities | none |