Core Impact Pro Exploits and Security Updates

Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Titlesort descending Description Vulnerabilty Category Platform
010 Editor wintab32 DLL Hijacking Exploit 010 Editor is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .HEX file. NOCVE-9999-46107 Exploits/Client Side Windows
3Com TFTP Transporting Mode Buffer Overflow Exploit This module exploits a buffer overflow vulnerability during the processing of TFTP Read/Write request packet types and cause a stack-based buffer overflow by sending a specially crafted packet with an overly long mode field. CVE-2006-6183 Exploits/Remote Windows
3D Life Player WebPlayer ActiveX Buffer Overflow Exploit A boundary error exists in the WebPlayer ActiveX control when processing the "SRC" property with an overly long string. NOCVE-9999-52362 Exploits/Client Side Windows
3S CoDeSys Gateway Server Arbitrary File Upload Exploit 3S Codesys Gateway Server is prone to a directory traversal vulnerability that allows arbitrary file creation. CVE-2012-4705 Exploits/Remote Windows
3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 SaveCurrentImageEx Buffer Overflow Exploit The specific flaw exists within the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control. The SaveCurrentImageEx method copies an attacker provided filename into a fixed size buffer. CVE-2014-9263 Exploits/Client Side Windows
7T Interactive Graphical SCADA System IGSSdataServer Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in IGSSdataServer by sending a malformed packet to the 12401/TCP port. CVE-2011-1567 Exploits/Remote Windows
7T Interactive Graphical SCADA System IGSSdataServer Remote Buffer Overflow Exploit Update This module exploits a remote stack-based buffer overflow in IGSSdataServer by sending a malformed packet to the 12401/TCP port. This version add CVE. CVE-2011-1567 Exploits/Remote Windows
7T Interactive Graphical SCADA System ODBC Server Remote Memory Corruption DoS This module exploits a memory corruption vulnerability in the IGSS ODBC Server by sending a malformed packet to the 20222/TCP port to crash the application. NOCVE-9999-47172 Denial of Service/Remote Windows
A-PDF WAV to MP3 Converter Buffer Overflow Exploit A-PDF WAV to MP3 Converter contains a buffer prone to exploitation via an crafted WAV file. NOCVE-9999-44866 Exploits/Client Side Windows
ABB MicroSCADA Wserver Buffer Overflow Exploit This vulnerability is a buffer overflow and allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver without authentication. The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component performs insufficient bounds checking on user-supplied data which results in stack buffer ovreflow. NOCVE-9999-61094 Exploits/Remote Windows
ABB Robot Communications Runtime Buffer Overflow Exploit A buffer overflow exists in a component of the Robot Communication Runtime used in some ABB programs for the communications to the IRC5, IRC5C, and IRC5P robot controllers. This version add CVE. CVE-2012-0245 Exploits/Remote Windows
ABBS Audio Media Player Buffer Overflow Exploit ABBS Audio Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in ABBS when handling .lst files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .lst file. NOCVE-9999-58468 Exploits/Client Side Windows
ACDSee Canvas wintab32 DLL Hijacking Exploit ACDSee Canvas is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .CVI file. NOCVE-9999-45899 Exploits/Client Side Windows
ACDSee FotoSlate dwmapi DLL Hijacking Exploit ACDSee FotoSlate is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .PLP file. NOCVE-9999-49254 Exploits/Client Side Windows
ACDSee FotoSlate PLP File Buffer Overflow Exploit The vulnerability is caused due to a boundary error when processing the "id" parameter in a Project (PLP) file. CVE-2011-2595 Exploits/Client Side Windows
ACDSee Photo Editor 2008 XMB File Buffer Overflow Exploit ACDSee Photo Editor is prone to a buffer-overflow vulnerability due to a boundary error when processing XBM image files. NOCVE-9999-47670 Exploits/Client Side Windows
ACDSee Products TIFF Buffer Overflow Exploit Multiple ACDSee products are prone to a buffer-overflow vulnerability because they fail to perform adequate boundary checks when processing a malformed TIF image. NOCVE-9999-38512 Exploits/Client Side Windows
ACDSee Products TIFF Buffer Overflow Exploit Update Multiple ACDSee products are prone to a buffer-overflow vulnerability because they fail to perform adequate boundary checks when processing a malformed TIFF image. This update adds support for older ACDSee versions. NOCVE-9999-38512 Exploits/Client Side Windows
ACDSee XPM File Handling Buffer Overflow Exploit This module exploits a vulnerability in ACDSee Products (ID_X.apl plugin). The vulnerability is caused due to boundary error in ID_X.apl within the processing of xpm files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. CVE-2007-2193 Exploits/Client Side Windows
Achievo atksearch Cross Site Scripting Exploit A Reflected Cross Site Scripting vulnerability was found in the atksearch[contractnumber], atksearch_AE_customer[customer] and atksearchmode[contracttype] variables within the 'Organisation Contracts' administration page. This is because the application does not properly sanitise the users input. CVE-2009-2733 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities none
Acoustica Beatcraft BCPROJ Buffer Overflow Exploit Acoustica Beatcraft contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Acoustica Beatcraft when handling .BCPROJ files. CVE-2008-4087 Exploits/Client Side none
Acoustica Mixcraft MX4 Buffer Overflow Exploit Acoustica Mixcraft is prone to a buffer-overflow vulnerability in the handling of .MX4 project files, because the application fails to bounds-check user-supplied data, before copying it into an insufficiently sized buffer. CVE-2008-3877 Exploits/Client Side Windows
Acoustica MP3 CD Burner ASX Buffer Overflow Exploit The vulnerability is caused due to a boundary error when processing malformed ASX playlist files. This can be exploited to cause a stack-based buffer overflow tricking a user into opening a specially crafted playlist file containing a ref tag with an overly long href attribute. CVE-2007-3006 Exploits/Client Side none
ActFax RAW Server Buffer Overflow Exploit A vulnerability in ActFax Server RAW server used to transfer fax messages without protocols. Data fields. @F506,@F605, and @F000 are vulnerable. NOCVE-9999-56765 Exploits/Remote Windows
ActFax Server FTP User Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ActFax Server. The vulnerability is caused due to a boundary error when processing an overly long USER name on the FTP Server. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-49018 Exploits/Remote Windows
ActFax Server LPD-LPR Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ActFax Server. The vulnerability is caused due to a boundary error when processing an overly long Print Job command on the Line Printer Daemon Server (LPD-Server) . This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-47199 Exploits/Remote Windows
Active Directory LDAP Request Handling DoS (MS08-060) Active Directory, which is an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP) and thus Active Directory objects can be stored and retrieved using the LDAP protocol. A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service. CVE-2008-4023 Denial of Service/Remote Windows
ActiveFax Server FTP Buffer Overflow Exploit ActiveFax Server's FTP service has a remote buffer overflow vulnerability that can be exploited by an authenticated atacker. NOCVE-9999-48689 Exploits/Remote Windows
ActSoft DVD Tools Buffer Overflow Exploit This module exploits a vulnerability in the dvdtools.ocx control included in the ActSoft DVD Tools ActiveX application. The exploit is triggered when the OpenDVD() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-0976 Exploits/Client Side Windows
Acunetix Web Vulnerability Scanner GUI Html Script Injection Exploit Acunetix Web Vulnerability Scanner 10.0 build 20160216 and previous versions, allows remote attackers to execute arbitrary JavaScript code in the context of the scanner GUI. The flaw exists in the way Acunetix WVS render some html elements inside it's GUI, using jscript.dll without any concern about unsafe ActiveX object such as WScript.shell. This module also abuses of a second vulnerability affecting the Acunetix Web Vulnerability Scanner Scheduler to gain SYSTEM privileges. NOCVE-9999-74978 Exploits/Client Side Windows