Library of expert validated exploits for safe and effective pen tests
Exploit development can be an advanced penetration testing skill that takes time to master. Additionally, when on a job, pen testers often don’t have the resources to create a new exploit. Many resort to searching for and using pre-written exploits that have not been tested and must go through the timely effort of quality assurance testing in order to ensure they are secure and effective.
Core Impact users can save time by finding all the up-to-date exploits they need in one place. We provide a robust library of exploits designed to enable pen testers to safely and efficiently conduct successful penetration tests. Whether written by our own internal team or by a third party like ExCraft, you can trust they have been thoroughly tested and validated by our experts.
The universe of vulnerabilities is huge and not all of them represent the same risk for the customers. Vulnerabilities do not all have the same level of criticality. Some may be easily exploitable by a low-level user, while others may not be exploitable at all. To increase the efficiency of the attacks and the quality of the exploits provided, the Core Impact team has developed selection criteria to prioritize its analysis and implementation. We determine which exploits warrant creation based on the following questions:
What are the most critical attacks from the attacker’s perspective?
What new vulnerabilities are more likely to be exploited in real attacks?
What exploits are the most valuable for Core Impact?
Once an exploit is approved, its priority order considers the following variables:
Vulnerability Properties: CVE, disclosure date, access mechanism and privileges needed.
Target Environment Setup: OS, application prevalence, version and special configurations needed.
Value Provided to Core Impact: Customer request, usage in multiple attacks, allows the installation of an agent, etc.
Technical Cost vs. Benefit: An analysis weighing the resources needed to build an exploit with the internal and external knowledge gained in its creation.
Each one of these variables has a different weight and provides a ranking of the potential exploits to be developed. Following those criteria, the top of the list would contain, for example, a vulnerability on Windows (most popular OS) that can be exploited remotely, without authentication and that provides super user privileges.
Correspondingly, a vulnerability on an application that is rarely installed, needs special configurations, and requires User Interaction, would be at the bottom.
Stay Informed of New Core Certified Exploits
Subscribe to receive regular email updates on new exploits available for Core Impact
Browse the Core Certified Exploit Library
We provide pen testers with real-time updates for a wide range of exploits for different platforms, operating systems, and applications.
Search our continuously growing library to discover an exploit that will allow you to gain and retain access on the target host or application.
Title
Description
Date Added
CVE Link
Exploit Platform
Exploit Type
Product Name
IBM Lotus Domino BMP parsing Buffer Overflow Exploit Update 2
IBM Domino is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing BMP images. By sending a specially-crafted bitmap image, a remote attacker could overflow a buffer and execute arbitrary code on the system or make the application crash. This version add encryption.
IBM Lotus Domino iCalendar Attachment Name Buffer Overflow Exploit
A stack-based buffer overflow exists in the nRouter.exe component of IBM Lotus Domino when parsing the filename of an attachment within an iCalendar invitation. This can be exploited by a remote, unauthenticated attacker to execute arbitrary code by sending a specially crafted e-mail to the Lotus Domino SMTP server. This module bypasses Data Execution Prevention (DEP) in order to install an agent on the target machine.
IBM Lotus Domino iCalendar Organizer Buffer Overflow Exploit
A stack-based buffer overflow exists in the nRouter.exe component of IBM Lotus Domino when parsing the ORGANIZER field of an iCalendar invitation. This can be exploited by a remote, unauthenticated attacker to execute arbitrary code by sending a specially crafted e-mail to the Lotus Domino SMTP server.
IBM Lotus Domino If-Modified-Since Buffer Overflow Exploit
This module exploits a stack-based buffer overflow in the nHTTP.exe application, a component of Lotus Domino Server, by sending an HTTP request with an invalid value for the If-Modified-Since parameter.
IBM Lotus Domino IMAP Server Buffer Overflow Exploit
This module exploits a buffer overflow vulnerability in a Lotus Domino IMAP Server and installs an agent if successful. This vulnerability can be exploited remotely and it does not require user authentication.
IBM Lotus Domino IMAP Server Buffer Overflow Exploit Update
This module exploits a buffer overflow vulnerability in a Lotus Domino IMAP Server and installs an agent if successful. This vulnerability can be exploited remotely and it does not require user authentication. This update adds support for Lotus Domino for windows versions 6.5, 7.0.1, 7.0.1FP1, and 7.0.2.
The specific flaw exists within LDAP handling functionality which listens by default on TCP port 389. The vulnerable code blindly copies attacker supplied data from a specially formatted LDAP ModifyRequest packet to a fixed length stack buffer.
IBM Lotus Domino LSUB IMAP Server Buffer Overflow Exploit Update
Exploits a stack buffer overflow in the Lotus Domino IMAP Server for windows version 7.0.2FP1 after authentication. This update solves the unsupported icon target problem
IBM Lotus Domino NSFComputeEvaluateExt Buffer Overflow Exploit
This module exploits a stack-based buffer overflow vulnerability in IBM Lotus Domino by sending a specially crafted HTTP request to the Web Administration Interface.
Windows
Exploits/Remote
Impact
IBM Lotus iNotes ActiveX Control Buffer Overflow Exploit
IBM Lotus iNotes ActiveX control dwa85W.dll is vulnerable to a buffer overflow via a long argument to the Attachment_Times method.
IBM Lotus Quickr For Domino qp2 ActiveX Control Heap Overflow Exploit
A heap overflow in the ActiveX control qp2.cab in IBM Lotus Quickr for Domino allows remote attackers to execute arbitrary code via a crafted argument to the Attachment_Names method.
IBM Lotus Quickr For Domino qp2 ActiveX Control Heap Overflow Exploit Update
A heap overflow in the ActiveX control qp2.cab in IBM Lotus Quickr for Domino allows remote attackers to execute arbitrary code via a crafted argument to the Attachment_Names method.
This update reduces user interaction, automating the focus of the mouse in the created window object.
IBM Lotus Quickr qp2.cab ActiveX Control Buffer Overflow Exploit
A buffer overflow in the ActiveX control qp2.cab in IBM Lotus Quickr for Domino allows remote attackers to execute arbitrary code via a long argument to the Attachment_Times method.
IBM Performance Tools for i QAVCPP Local Privilege Escalation Exploit
An improper privilege management vulnerability in IBM Performance Tools for i allows authenticated local attackers with command line access to gain all object access to the host operating system.
The vulnerability can be exploited by abusing the QPFR/QAVCPP program.
IBM Personal Communications Buffer Overflow Exploit
IBM Personal Communications is prone to a stack based buffer overflow when parsing a malformed WS file. This module exploits this flaw to archive a clientside code execution.
IBM Rational ClearQuest RegisterSchemaRepoFromFileByDbSet ActiveX Control Buffer Overflow Exploit
IBM Rational ClearQuest ActiveX control Cqole.dll is vulnerable to a buffer overflow, caused by a function prototype mismatch in the RegisterSchemaRepoFromFileByDbSet() function.
IBM solidDB does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session.
IBM SPSS SamplePower ActiveX Control Remote Code Execution Vulnerability
This module will receive HTTP requests from vulnerable clients and install agents on them.
Exploits / Client Side
SCADA
IBM SPSS SamplePower C1sizer ActiveX Control Buffer Overflow Exploit
A vulnerability when handling the TabCaption buffer, C1sizer.ocx does not properly check the size before running lstrcatA and therefore will cause a buffer overflow.
IBM SPSS SamplePower Vsflex8l ActiveX Control Buffer Overflow Exploit
Buffer overflow when a special malformed string is assigned to the ComboList or ColComboList property. The code looks for a '#'in the string then copies into a global buffer in the data section with a static size of 0x64.