Core Impact Security and Penetration Testing Updates

Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Titlesort descending Description Vulnerabilty Category Platform
MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 3 This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds support for Windows 2003 Enterprise Edition sp2 with DEP enabled. This update also adds support for XP SP2 and 2003 SP1 as well as improves the reliability of the exploit against all supported platforms. CVE-2008-4250 Exploits/Remote Windows
MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 4 This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds reliability to all supported platforms. CVE-2008-4250 Exploits/Remote Windows
MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 5 This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds reliability when exploiting all supported platforms. CVE-2008-4250 Exploits/Remote Windows
MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 6 This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds support for Windows XP sp0 and sp1. CVE-2008-4250 Exploits/Remote Windows
MSRPC SPOOLSS Buffer Overflow exploit This module exploits a heap based buffer overflow in the Print Spooler service (MS05-043) and installs an agent. CVE-2005-1984 Exploits/Remote Windows
MSRPC SRVSVC NetrpPathCanonicalize (MS06-040) exploit This module exploits a remotely exploitable vulnerability in Windows' Server Service (MS06-040) over Microsoft DCERPC (ports 139 and 445). WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2006-3439 Exploits/Remote Windows
MSRPC SRVSVC NetrpPathCanonicalize (MS06-040) exploit update This module exploits a remotely exploitable vulnerability in Windows' Server Service (MS06-040) over Microsoft DCERPC (ports 139 and 445). This update adds support for Windows XP SP0 and SP1. CVE-2006-3439 Exploits/Remote Windows
MSRPC SRVSVC NetrpPathCanonicalize (MS06-040) exploit update 2 This module exploits a remotely exploitable vulnerability in Windows' Server Service (MS06-040) over Microsoft DCERPC (ports 139 and 445). This update adds support for windows 2003 sp0. CVE-2006-3439 Exploits/Remote Windows
MSRPC SRVSVC NetrpPathCanonicalize Exploit (MS06-040) Update 3 This update improves reliability when it's launched against Windows XP SP1 platforms. This module exploits a remotely exploitable vulnerability in Windows' Server Service (MS06-040) over Microsoft DCERPC (ports 139 and 445). CVE-2006-3439 Exploits/Remote Windows
MSRPC Trend Micro Server Protect AddTaskExportLogItem() Exploit TrendMicro ServerProtect 5.58 with security patch 3 installed is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. CVE-2007-6507 Exploits/Remote Windows
MSRPC Trend Micro Server Protect buffer overflow exploit TrendMicro ServerProtect is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. CVE-2007-2508 Exploits/Remote Windows
MSRPC Trend Micro Server Protect buffer overflow exploit Update TrendMicro ServerProtect is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. This update corrects the actual exploited CVE number. CVE-2007-2508 Exploits/Remote Windows
MSRPC Trend Micro Server Protect buffer overflow exploit Update 2 This update improves the reliability of the exploit. CVE-2007-2508 Exploits/Remote Windows
MSRPC UMPNPMGR MS05-039 exploit update This module exploits a stack buffer overflow in the Microsoft Windows Plug and Play service and installs an agent (MS05-039). This update fixes a problem when launching the exploit with the PROTO parameter set to 139/SMB or 445/SMB (instead of the default value ANY). CVE-2005-1983 Exploits/Remote Windows
MSRPC UMPNPMGR MS05-47 DoS This module exploits a buffer overflow and force the remote machine to reboot (MS05-047). CVE-2005-2120 Denial of Service/Remote Windows
MSRPC WKSSVC NetpManageIPCConnect exploit A remote code execution vulnerability exists in the Workstation service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. CVE-2006-4691 Exploits/Remote Windows
MSRPC WKSSVC NetpManageIPCConnect Exploit update This module exploits a stack buffer overflow in the Workstation Service. This package addresses a compatibility problem when porting the module from version 7.0 to 7.5 of the framework. CVE-2006-4691 Exploits/Remote Windows
MSRPC WKSSVC NetpManageIPCConnect Exploit Update 2 This module exploits a stack buffer overflow in the Workstation Service. This package addresses a compatibility problem when porting the module from version 7.6 to 8.0 of the framework. CVE-2006-4691 Exploits/Remote Windows
MSRPC WKSSVC NetrGetJoinInformation Heap Corruption DoS (MS09-041) This module exploits an improperly memory free by sending a specially crafted RPC packet to cause a DoS condition on the target machine. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1544 Denial of Service/Remote Windows
MSRPC _LlsrLicenseRequestW Remote Heap Overflow Exploit (MS09-064) This module exploits a remote heap-based overflow in the Microsoft Windows License Logging Service by sending a specially crafted RPC request. CVE-2009-2523 Exploits/Remote Windows
Muse PLS Buffer Overflow Exploit The vulnerability is caused due to a boundary error in MUSE when handling .PLS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PLS file. NOCVE-9999-44898 Exploits/Client Side Windows
Music Animation Machine MIDI SEH Buffer Overflow Exploit Music Animation Machine MIDI Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in MAM Player when handling misleading MIDI files. This situation leads to a buffer overflow and allows an attacker to overwrite an SEH Pointer and get control of execution. This vulnerability can be exploited via a specially crafted .mamx file. CVE-2011-0502 Exploits/Client Side Windows
MyBB Backdoor Remote Code Execution Exploit A backdoor introduced in the source code of MyBB allows remote unauthenticated attackers to execute arbitrary code on systems running vulnerable installations of MyBB. NOCVE-9999-49723 Exploits/Remote Windows, Solaris, Linux, FreeBSD
MyBB Backdoor Remote Code Execution Exploit Update A backdoor introduced in the source code of MyBB allows remote unauthenticated attackers to execute arbitrary code on systems running vulnerable installations of MyBB. This update adds support for the Solaris platform. NOCVE-9999-49723 Exploits/Remote Windows, Solaris, Linux, FreeBSD
MyBB Privilege Escalation Exploit A vulnerability has been reported in MyBB, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "birthdayprivacy" parameter to inc/datahandlers/user.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires a valid user account. The vulnerability is reported in MyBB 1.4.x versions prior to 1.4.7. NOCVE-9999-38921 Exploits/Authentication Weakness none
MySQL create function exploit update MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls. This module exploits this vulnerability, and this update improve the exploit reliability. CVE-2005-0709 Exploits/Remote Linux, Windows
MySQL MaxDB WebTool GET Request Buffer Overflow Exploit This module exploits a stack buffer overflow in the MySQL MaxDB WebTool Server and installs a level0 agent. CVE-2005-0684 Exploits/Remote Windows
MySQL with yaSSL SSL Certificate Handling Remote Stack Buffer Overflow Exploit MySQL compiled with yaSSL is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. CVE-2009-4484 Exploits/Remote Linux
MySQL yaSSL Exploit This module exploits a remote buffer-overflow in MySQL servers using yaSSL. CVE-2008-0226 Exploits/Remote Windows, Linux, FreeBSD
MySQL yaSSL Exploit update This update adds support for Linux, Freebsd and additional MySQL versions. CVE-2008-0226 Exploits/Remote Windows, Linux, FreeBSD