Core Impact Security and Penetration Testing Updates

Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.


| Title | Description | Vulnerability | Category | Platform |
| --- | --- | --- | --- | --- |
| Lepide Auditor Suite createdb Web Console Database Injection Remote Code Execution Vulnerability Exploit | The application allows an attacker to specify the server used to perform authentication. That server also allows attacker-controlled SQL to be executed directly against the database. This module chains these two weaknesses to execute an agent as SYSTEM. | NOCVE-9999-96866 | Exploits/Remote | Windows |
| Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Exploit | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr12xx kernel driver. The issue lies in the failure to properly validate user-supplied data, which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel. | CVE-2017-14075 | Exploits/Local | Windows |
| EFS Chat Server POST Buffer Overflow Exploit | The username parameter of the registration page 'register.ghp' is prone to a stack-based buffer overflow. The application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. | NOCVE-9999-92479 | Exploits/Remote | Windows |
| Apache Tomcat readonly Initialisation Parameter JSP Remote Code Execution Exploit | Apache Tomcat allows unauthenticated users to upload JSP files via a specially crafted request when the readonly initialization parameter of the Default servlet is set to false. | CVE-2017-12617 | Exploits/Remote | Windows, Linux |
| SyncBreeze POST Username Buffer Overflow Exploit | The vulnerability is a buffer overflow when parsing a POST request with a crafted username. | NOCVE-9999-96929 | Exploits/Remote | Windows |
| ATutor AContent ims_import.php Zip File Upload Directory Traversal PHP Remote Code Execution Exploit | This module exploits a zip file upload directory traversal in ATutor AContent to install an agent. | NOCVE-9999-95359 | Exploits/Remote File Inclusion/Known Vulnerabilities | none |
| PCMan FTP Server USER Command Buffer Overflow Exploit Update | PCMan's FTP Server is prone to a buffer overflow when handling an overly long USER command. This update improves the exploit's reliability. | CVE-2013-4730 | Exploits/Remote | Windows |
| Exploit fixes | This update fixes several unrelated issues in the exploit component. | CVE-2011-1907 | Exploits/Remote | Linux, Windows, Solaris, AIX |
| Microsoft .NET Framework SOAP WSDL Parser Code Injection CVE-2017-8759 | A vulnerability exists in Microsoft .NET. A specially crafted RTF document or application can trigger an input validation flaw and execute arbitrary code on the target user's system. | CVE-2017-8759 | Exploits/Client Side | Windows |
| Schneider Electric U.motion Builder file_picker.php Directory Traversal Arbitrary File Upload Remote Code Execution Exploit | This module exploits a directory traversal arbitrary file upload in Schneider Electric U.motion Builder to install an agent. | NOCVE-9999-95622 | Exploits/Remote File Inclusion/Known Vulnerabilities | none |
| MS17-010 Detector update | This update fixes an issue in the handling of the vulnerability report. | CVE-2017-0143 | Exploits/Remote | Windows |
| Apache Struts 2 REST Plugin XStream Exploit | This module exploits a Java deserialization bug in the XStreamHandler of the Apache Struts REST plugin, which allows remote code execution. | CVE-2017-9805 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
| Delta Industrial Automation WPLSoft File Parsing Buffer Overflow Exploit | The specific flaw exists within the processing of DVP files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. | NOCVE-9999-95623 | Exploits/Client Side | Windows |
| Fuji Electric Monitouch V-SFT Project File Buffer Overflow Exploit | The specific flaw exists within the parsing of a V8 project file. The issue lies in the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. | CVE-2017-9659 | Exploits/Client Side | Windows |
| RAT Gh0st Controller Server Buffer Overflow Exploit | This module exploits a buffer overflow in the Gh0st Controller Server when handling a drive list. | NOCVE-9999-95050 | Exploits/Remote | Windows |
| OrientDB Remote Command Execution Exploit | This module exploits a privilege escalation vulnerability in OrientDB: SQL queries against OUser/ORole can be issued without the required privileges, which leads to code execution. | CVE-2017-11467 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
| Eaton ELCSoft EPC File Buffer Overflow Exploit | The specific flaw exists within the processing of EPC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. | NOCVE-9999-94184 | Exploits/Client Side | Windows |
| Advantech WebAccess nvA1Media Caption Heap-based Buffer Overflow Remote Code Execution Exploit | The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. | NOCVE-9999-94575 | Exploits/Client Side | Windows |
| Advantech WebOP Designer Project File Heap Buffer Overflow Remote Code Execution Exploit | The specific flaw exists within the parsing of a pm3 project file. A heap-based buffer overflow vulnerability exists in a call to memcpy. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. | CVE-2017-12705 | Exploits/Client Side | Windows |
| NVIDIA DxgDdiEscape Handler Privilege Escalation Exploit | NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D, where a value passed from a user to the driver is used without validation, leading to escalation of privileges. | CVE-2016-7387 | Exploits/Local | Windows |
| Nitro Pro PDF Reader Javascript API Remote Code Execution Exploit | This module exploits an unsafe JavaScript API implemented in Nitro and Nitro Pro PDF Reader. The saveAs() JavaScript API function allows writing arbitrary files to the file system. Additionally, the launchURL() function allows an attacker to execute local files on the file system and bypass the security dialog. | NOCVE-9999-93587 | Exploits/Client Side | Windows |
| Apache Struts 2 ActionMessage Remote Code Execution Exploit | This module exploits a vulnerability in Apache Struts 2. The specific vulnerability relies on the Struts 1 plugin, which might allow remote attackers to execute arbitrary code via a malicious field value passed in a raw message to the ActionMessage. | CVE-2017-9791 | Exploits/Remote | Windows, Linux |
| Hewlett Packard Enterprise IMC PLAT dbman Command Injection Exploit | HP Intelligent Management Center is prone to a remote vulnerability that allows attackers to execute commands in the context of SYSTEM. | CVE-2017-8950 | Exploits/Remote | Windows |
| CMS Made Simple editusertag.php Remote OS Command Injection Exploit | CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. | CVE-2017-8912 | Exploits/Remote | Windows, Linux |
| Microsoft Windows LNK Shortcut Automatic File Execution Exploit (CVE-2017-8464) | This vulnerability allows execution of arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. Also known as "LNK Remote Code Execution Vulnerability." | CVE-2017-8464 | Exploits/Tools | Windows |
| Fuji Electric V Server VPR File Parsing Memory Corruption Exploit | The specific flaw exists within the parsing of a VPR file. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. | CVE-2017-9639 | Exploits/Client Side | Windows |
| Mitsubishi Electric E-Designer BEComliSlave Driver Configuration Status_bit Buffer Overflow Exploit | The specific flaw exists within the processing of a driver configuration file when initializing the BEComliSlave component. When parsing the Status_bit property, the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the Administrator. | CVE-2017-9638 | Exploits/Client Side | Windows |
| Linux Kernel UFO Memory Corruption Privilege Escalation Exploit | This module exploits a memory corruption vulnerability in the Linux kernel. When building a UFO packet with MSG_MORE, __ip_append_data() calls ip_ufo_append_data() to append data. However, between two send() calls the append path can switch from the UFO path to the non-UFO path, which leads to a memory corruption that an attacker can use to escalate privileges. WARNING: This is an early release module, not its final version. It is a pre-release version delivered as quickly as possible to our customers because it may be useful in some situations. Since this module is not the final version, it may contain bugs or have limited functionality, and its documentation may be incomplete or inaccurate. | CVE-2017-1000112 | Exploits/Local | Linux |
| WordPress PHPMailer Remote Code Execution Exploit | This module exploits a PHPMailer vulnerability in WordPress by abusing the Lost Password recovery action, and installs an agent. | CVE-2016-10033 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
| Linux Kernel packet_set_ring Privilege Escalation Exploit | This module exploits a signedness error in the Linux kernel reachable via the PACKET_RX_RING option on an AF_PACKET socket with the TPACKET_V3 ring buffer version enabled. The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to escalate privileges. | CVE-2017-7308 | Exploits/Local | Linux |
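The Apache Tomcat entry above (CVE-2017-12617) is only reachable when the DefaultServlet's readonly initialization parameter has been turned off, so the first thing to check on a Tomcat host is conf/web.xml. The following audit script is an added example written for this page; it is not Core Impact module code and not part of Tomcat. The embedded web.xml is a constructed sample of the weak setting, and the script's one non-obvious point is that Tomcat parses the value with Boolean.parseBoolean, so any value other than the literal true (such as no or 0) also disables the protection.

```python
"""Audit a Tomcat conf/web.xml for the CVE-2017-12617 precondition (readonly=false).

Added example, not Core Impact or Tomcat code. The sample web.xml below is constructed.
"""
import sys
import xml.etree.ElementTree as ET

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"

# Constructed sample: the weak configuration the entry above describes
# (readonly=false lets unauthenticated PUT/DELETE requests reach the webapp directory).
WEAK_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>debug</param-name>
      <param-value>0</param-value>
    </init-param>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""


def _local(tag):
    """Strip the namespace from an element tag: '{uri}servlet' -> 'servlet'."""
    return tag.rsplit("}", 1)[-1]


def _child(elem, name):
    """First direct child of elem with the given local name, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return child
    return None


def _text(elem, name):
    child = _child(elem, name)
    return (child.text or "").strip() if child is not None else None


def _readonly_param_value(root):
    """Locate the DefaultServlet's readonly <param-value> element, if one is declared."""
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        if _text(servlet, "servlet-class") != DEFAULT_SERVLET_CLASS:
            continue
        for param in servlet:
            if _local(param.tag) == "init-param" and _text(param, "param-name") == "readonly":
                return _child(param, "param-value")
        return None  # DefaultServlet declared without a readonly param: Tomcat default (true)
    return None


def default_servlet_readonly(web_xml_text):
    """True when PUT/DELETE are rejected (safe), False when the servlet is writable.

    Tomcat evaluates the parameter with Boolean.parseBoolean, so only the literal
    'true' (any case) keeps the servlet read-only; 'false', 'no', '0' or any other
    string disables it. An absent parameter means Tomcat's default, which is true.
    """
    value = _readonly_param_value(ET.fromstring(web_xml_text))
    if value is None:
        return True
    return (value.text or "").strip().lower() == "true"


def harden(web_xml_text):
    """Return the web.xml text with the DefaultServlet readonly parameter forced to true."""
    root = ET.fromstring(web_xml_text)
    if root.tag.startswith("{"):
        # keep the document's default namespace unprefixed in the serialized output
        ET.register_namespace("", root.tag[1:].split("}", 1)[0])
    value = _readonly_param_value(root)
    if value is not None:
        value.text = "true"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else WEAK_WEB_XML
    print("DefaultServlet readonly:", default_servlet_readonly(text))
```

Run it against a real install with `python audit_tomcat_readonly.py /opt/tomcat/conf/web.xml` (the script name is just an example); a False result means the precondition for the JSP upload is present regardless of the Tomcat version, and harden() shows the one-line configuration change that removes it.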
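The Apache Struts 2 REST plugin entry above (CVE-2017-9805) describes a deserialization bug in XStreamHandler, which turns an XML request body into Java objects whose types are named by the XML itself. A detection rule can therefore inspect XML bodies sent to REST endpoints for type names that are not the application's own model classes. The detector below is an added example written for this page, not Core Impact module code and not Struts code. The sample requests, the REST paths and the allowed package prefix com.example.model. are constructed assumptions; the gadget-style sample only shows the shape of such a body and is deliberately not a working chain.

```python
"""Flag XML request bodies that name Java types an XStream deserializer would instantiate.

Added example, not Core Impact or Struts code. The requests, paths and the allowed
package prefix below are constructed for this example.
"""
import re
import xml.etree.ElementTree as ET

XML_CONTENT_TYPES = ("application/xml", "text/xml")
# Assumed: the application's own data-transfer classes live under this package;
# any other type name in a request body is unexpected.
ALLOWED_PREFIXES = ("com.example.model.",)
# A fully qualified Java type as XStream writes it: dotted package segments; XStream's
# XML-friendly name coder writes the '$' of inner classes as '_-', hence the '-'.
JAVA_TYPE_RE = re.compile(r"^[a-z]\w*(\.[\w-]+)+$")


def xml_type_references(body):
    """Every type name XStream would act on: element names that look like classes,
    plus explicit class="..." attributes, which XStream also honours."""
    types = set()
    for elem in ET.fromstring(body).iter():
        name = elem.tag.rsplit("}", 1)[-1]
        if JAVA_TYPE_RE.match(name):
            types.add(name)
        cls = elem.get("class")
        if cls and JAVA_TYPE_RE.match(cls):
            types.add(cls)
    return types


def unexpected_types(body):
    """Type references outside the allowed packages, sorted for stable reporting."""
    return sorted(t for t in xml_type_references(body) if not t.startswith(ALLOWED_PREFIXES))


def inspect_request(req):
    """req: {'method', 'path', 'headers', 'body'}. Returns a list of findings (empty = clean)."""
    ctype = req["headers"].get("Content-Type", "").split(";", 1)[0].strip().lower()
    if req["method"] not in ("POST", "PUT") or ctype not in XML_CONTENT_TYPES:
        return []
    try:
        bad = unexpected_types(req["body"])
    except ET.ParseError as exc:
        return [f"unparseable XML body: {exc}"]
    return [f"type outside allowed packages: {t}" for t in bad]


# Constructed samples (not captured traffic).
BENIGN_REQUEST = {
    "method": "POST", "path": "/orders.xhtml",
    "headers": {"Content-Type": "application/xml"},
    "body": "<com.example.model.Order><id>42</id><note>thanks</note></com.example.model.Order>",
}
# Skeleton of a gadget-style body: the element names are JDK classes, not the app's model.
GADGET_REQUEST = {
    "method": "POST", "path": "/orders.xhtml",
    "headers": {"Content-Type": "application/xml; charset=UTF-8"},
    "body": ("<map><entry><java.lang.ProcessBuilder><command><string>id</string></command>"
             "</java.lang.ProcessBuilder><java.lang.String>x</java.lang.String></entry></map>"),
}
JSON_REQUEST = {
    "method": "POST", "path": "/orders.json",
    "headers": {"Content-Type": "application/json"},
    "body": '{"id": 42}',
}

if __name__ == "__main__":
    for label, req in (("benign", BENIGN_REQUEST), ("gadget", GADGET_REQUEST), ("json", JSON_REQUEST)):
        print(label, inspect_request(req))
```

The allowlist approach mirrors the direction of the upstream fix, which restricts the types XStream is permitted to instantiate; a blocklist of known gadget classes would miss the next chain, whereas any type outside the application's own model package is suspicious on its own.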