Core Impact Security and Penetration Testing Updates

Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Titlesort descending Description Vulnerabilty Category Platform
Novell ZENworks Configuration Management TFTPD Remote DoS The flaw exists within the novell-tftp.exe component which listens by default on UDP port 69. When handling a request the process blindly copies user supplied data into a fixed-length buffer on the heap. CVE-2010-4323 Denial of Service/Remote Windows
Novell ZENworks Configuration Management UploadServlet Remote Code Execution Exploit A remote code execution vulnerability in the UploadServlet component of Novell ZENworks Configuration Management allows remote attackers to execute arbitrary code. CVE-2010-4229 Exploits/Remote Windows
Novell ZENworks Mobile Management Remote Code Execution Exploit This module exploits a vulnerability in the Novell ZENworks Mobile Management application by injecting code in the PHP session file and leveraging a Local File Inclusion in mdm.php to execute the injected PHP code. CVE-2013-1081 Exploits/Remote Windows
Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the web interface of Now SMS MMS Gateway. CVE-2008-0871 Exploits/Remote Windows
Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit update A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the web interface of Now SMS MMS Gateway. This version add support for Windows 2003 and all systems with DEP enabled. CVE-2008-0871 Exploits/Remote Windows
Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit update 2 This package provides an update for the Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit for Impact Professional 7.6 CVE-2008-0871 Exploits/Remote Windows
NTR ActiveX Control Check Method Buffer Overflow Exploit A buffer overflow vulnerability when handling a url can be exploited via a crafted "bstrParams" parameter passed to the "Check()" method. CVE-2012-0266 Exploits/Client Side Windows
NTR ActiveX Control StopModule Remote Code Execution Exploit This module exploits a vulnerability in the ntractivex118.dll module included in the NTRglobal NTR Activex Control application. The exploit is triggered when the StopModule() method processes a crafted argument resulting in a buffer overflow. CVE-2012-0267 Exploits/Client Side Windows
Nuance PDF Reader dwmapi DLL Hijacking Exploit Nuance PDF Reader is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .PDF file. NOCVE-9999-46063 Exploits/Client Side Windows
nuBuilder Remote File Inclusion Exploit Report.php fails to sanitize user input data on StartingDirectory parameter when used in an include. NOCVE-9999-44562 Exploits/Remote File Inclusion/Known Vulnerabilities none
Numark Cue M3U Buffer Overflow Exploit Numark Cue contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Numark Cue when handling .M3U files. CVE-2008-4470 Exploits/Client Side none
Nuxeo Platform CMS Directory Traversal Vulnerability JSP File Upload Exploit This module uses a directory traversal vulnerability in the file import feature in Nuxeo Platform CMS to upload a JSP to gain arbitrary code execution on the affected system. CVE-2017-5869 Exploits/Remote File Inclusion/Known Vulnerabilities none
NVIDIA DxgDdiEscape Handler Privilege Escalation Exploit NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation leading to escalation of privileges. CVE-2016-7387 Exploits/Local Windows
NVIDIA DxgDdiEscape Handler Privilege Escalation Exploit Update NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation leading to escalation of privileges. This update add reliability and speed to the attack. CVE-2016-7387 Exploits/Local Windows
NVIDIA RealityServer Web Services RTMP Server DoS This module exploits a NULL pointer dereference in NVIDIA Reality Server Software, when a crafted package is send to port 1935. NOCVE-9999-48568 Denial of Service/Remote Windows
NVIDIA Stereoscopic 3D Driver Service Privilege Escalation This module will exploit a vulnerability in the NVIDIA Stereoscopic 3D Driver Service. It will wait for users to login on the target system, installing agents for every user, until being able to install an agent for a user in the Built In Administrators group. CVE-2015-7865 Exploits/Local Windows
Omni-NFS Enterprise FTP Server Buffer Overflow Exploit This vulnerability is caused by a buffer overflow in Omni-NFS Enterprise FTP Server, due to its lack of checking of user-supplied data within FTP requests. CVE-2006-5792 Exploits/Remote Windows
Omni-NFS Enterprise FTP Server Buffer Overflow Exploit Update This vulnerability is caused by a buffer overflow in Omni-NFS Enterprise FTP Server, due to its lack of checking of user-supplied data within FTP requests. This update add CVE. CVE-2006-5792 Exploits/Remote Windows
Omni-NFS Server NFSD Stack Buffer Overflow Exploit A buffer overflow exist in nfsd.exe in XLink Omni-NFS Server and allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd). CVE-2006-5780 Exploits/Remote Windows
One Link Multiple Clientsides Modules Update This update adds support for several additional ActiveX exploits. CVE-2009-1612 Exploits/Client Side Windows
OP5 license Remote Code Execution Exploit op5 Appliance contains an input validation flaw related to the system-portal component that allows a remote attacker to execute arbitrary shell commands via command injection. CVE-2012-0261 Exploits/Remote Code Execution none
OpenBSD DHCP Remote DoS This module exploits a vulnerability in DHCP Server in OpenBSD. The vulnerability is caused due to the improper handling of DHCP requests within dhcpd in the cons_options() function in options.c. This cause a stack-based buffer corruption by sending a specially crafted DHCP request specifying a maximum message size smaller than 278. This module, if successfull, will leave the service (dhcpd) unavailable. CVE-2007-5365 Denial of Service/Remote Linux, OpenBSD
OpenBSD DHCP Remote DoS Update This module exploits a vulnerability in DHCP Server in OpenBSD. The vulnerability is caused due to the improper handling of DHCP requests within dhcpd in the cons_options() function in options.c. This cause a stack-based buffer corruption by sending a specially crafted DHCP request specifying a maximum message size smaller than 278. CVE-2007-5365 Denial of Service/Remote Linux, OpenBSD
OpenBSD getsockopt() Privilege Escalation Exploit A local user can invoke the getsockopt call with certain options to execute arbitrary code and gain privileged access. NOCVE-9999-41144 Exploits/Local OpenBSD
OpenBSD IPv6 mbuf Remote Exploit This module exploits a buffer overflow vulnerability in the OpenBSD kernel; the exploit uses fragmented ICMPv6 packets to take complete control of a target system. CVE-2007-1365 Exploits/Remote OpenBSD
OpenBSD PF IP Fragment Remote DoS This module exploits a OpenBSD's PF remote denial-of-service vulnerability. This issue is due to a flaw in affected kernels that results in a kernel crash when attempting to normalize IP fragments. CVE-2006-0381 Denial of Service/Remote OpenBSD
OpenBSD PF IP ICMPV6 Remote DoS OpenBSD's PF is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause a kernel panic on affected computers, denying further service to legitimate users. NOCVE-9999-37988 Denial of Service/Remote OpenBSD
OpenBSD PF IP ICMPV6 Remote DoS Update OpenBSD's PF is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause a kernel panic on affected computers, denying further service to legitimate users. This update improves reliability in Impact 10. CVE-2009-0687 Denial of Service/Remote OpenBSD
OpenBSD XMM Exceptions DoS OpenBSD is prone to a local denial-of-service vulnerability. XMM exceptions are not correctly handled, resulting in a kernel panic. CVE-2009-3572 Denial of Service/Local OpenBSD
OpenEMR pc_category Cross Site Scripting Exploit OpenEMR fails to sanitize the pc_category parameter in interface/main/calendar/index.php leading to a Cross-Site Scripting vulnerability. NOCVE-9999-49218 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities none