Exploits and Security Updates to Core Impact Threat Intelligence

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

| Title | Description | Vulnerability | Category | Platform |
|---|---|---|---|---|
| Sophos Web Appliance MgrReport Blocking Vulnerability Remote Code Execution Exploit | A vulnerability exists in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. By abusing the blockip variable, an attacker can achieve remote code execution. | CVE-2016-9553 | Exploits/Remote | Linux |
| CyberGhost CG6Service Service SetPeLauncherState Vulnerability Local Privilege Escalation Exploit | The CG6Service service in CyberGhost has a SetPeLauncherState method that allows a user to launch a debugger automatically for a given process. An attacker can abuse this to gain SYSTEM privileges by attaching to a SYSTEM process. | NOCVE-9999-85362 | Exploits/Local | Windows |
| Ichitaro Office Excel File Heap Overflow Exploit | This vulnerability is an unchecked integer underflow in the size of a record of type 0x3c within a Workbook stream in an XLS file handled by Ichitaro, which produces a heap overflow. | CVE-2017-2790 | Exploits/Client Side | Windows |
| Apache Struts 2 Multipart File Upload Remote Code Execution Exploit Update | Remote code execution when performing a file upload based on the Jakarta Multipart parser. This update adds support for Linux x86_64 distributions. | CVE-2017-5638 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
| PHPMailer Remote Command Execution Exploit | PHPMailer is prone to abuse of its mailSend function. This vulnerability allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | CVE-2016-10033 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
| Apache Struts 2 Multipart File Upload Remote Code Execution Exploit | Remote code execution when performing a file upload based on the Jakarta Multipart parser. | CVE-2017-5638 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
| Disk Sorter Enterprise Login Buffer Overflow Exploit | Disk Savvy server is prone to a buffer-overflow vulnerability when handling a crafted GET request; this can trigger an overflow in a fixed-size internal memory buffer and install an agent with SYSTEM privileges. | NOCVE-9999-84592 | Exploits/Remote | Windows |
| Sparklabs Viscosity Config Path Privilege Escalation | Viscosity for Windows suffers from a privilege escalation vulnerability. By abusing the named-pipe configuration channel between the client and the underlying service, a local attacker can gain SYSTEM privileges. | NOCVE-9999-84440 | Exploits/Local | Windows |
| VIPA Controls WinPLC7 Buffer Overflow Exploit | A stack-based buffer overflow vulnerability has been identified in which an attacker with a specially crafted packet could overflow a fixed-length buffer. This could allow remote code execution. | CVE-2017-5177 | Exploits/Remote | Windows |
| ConQuest DICOM Server Buffer Overflow Exploit | The vulnerability is caused by the use of a vulnerable collection of libraries that are part of the DCMTK Toolkit, specifically the parser for the DICOM Upper Layer Protocol (DUL). A buffer overflow/underflow can be triggered when the DICOM Store-SCP service receives and processes an ACSE data structure with a wrong length over the network. | NOCVE-9999-84105 | Exploits/Remote | Windows |
| Jenkins LDAP Java Library Deserialization Vulnerability Remote Code Execution Exploit | An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection mechanisms. | CVE-2016-9299 | Exploits/Remote | Windows, Linux |
| Microsoft Windows Win32k Privilege Escalation Exploit (MS16-135) Update 2 | This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu, a local attacker can trigger a kernel arbitrary write and elevate privileges. This update adds support for Windows 2008 (32 and 64 bits) and Windows 2008 R2 (64 bits). | CVE-2016-7255 | Exploits/Local | Windows |
| DiskSavvy Enterprise GET Buffer Overflow Exploit | This module exploits a stack-based buffer overflow vulnerability in the web interface of DiskSavvy Enterprise caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. | NOCVE-9999-83883 | Exploits/Remote | Windows |
| Dup Scout Enterprise Login Buffer Overflow Exploit | This module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise caused by improper bounds checking of the login request sent to the built-in web server. | NOCVE-9999-84008 | Exploits/Remote | Windows |
| WebEx Extension Remote Command Execution | The Cisco WebEx extension for Chrome includes an OS command injection vulnerability. This module serves a specially crafted web page over HTTPS. If a vulnerable version of the extension is installed and the web browser connects to Impact's web server, this module deploys an OS agent. | NOCVE-9999-83345 | Exploits/Client Side | Windows |
| Mozilla Firefox Use-after-free DOM and Audio Elements Exploit | Use-after-free while manipulating DOM events and removing audio elements, due to errors in the handling of node adoption. | CVE-2016-9899 | Exploits/Client Side | Windows |
| Microsoft Windows Win32k Empty PFB File Exploit (MS16-151) | This module exploits a vulnerability in win32k.sys by loading a Printer Font Metric (PFM) file associated with an empty Printer Font Binary (PFB) file. | CVE-2016-7259 | Exploits/Local | Windows |
| Microsoft Windows LSASS Memory Corruption DoS (MS17-004) | This module exploits an exceptional condition in "lsasrv.dll" by sending a crafted "Session Setup Request" SMBv1 or SMBv2 packet that triggers the fault while the NTLM Auth message is processed. | CVE-2017-0004 | Denial of Service/Remote | Windows |
| Avtech DVR Camera Authentication Bypass and Command Execution Exploit | Several firmware versions of Avtech devices are vulnerable to authentication bypass by requesting a .cab file, and also to authenticated command injection in PwdGrp.cgi on the user creation or modification request. | NOCVE-9999-81314 | Exploits/Remote | none |
| Firefox SVG Animation Remote Code Execution Exploit | This module exploits a "use after free" vulnerability in xul.dll. | CVE-2016-9079 | Exploits/Client Side | Windows |
| Microsoft Windows Win32k Privilege Escalation Exploit (MS16-135) Update | This module exploits a vulnerability in win32k.sys. By forcing an invalid combination of window style and window menu, a local attacker can trigger a kernel arbitrary write and elevate privileges. | CVE-2016-7255 | Exploits/Local | Windows |
| Microsoft Windows LSASS Memory Corruption DoS (MS16-137) | This module exploits an exceptional condition in "lsasrv.dll" by sending a crafted "Session Setup Request" SMBv1 or SMBv2 packet that triggers the fault while the NTLM Auth message is processed. | CVE-2016-7237 | Denial of Service/Remote | Windows |
| Linux Kernel AF_PACKET Privilege Escalation Exploit | This module exploits a race condition vulnerability in the Linux kernel via AF_PACKET sockets. WARNING: This is an early release module, not the final version. It is a pre-release version delivered as quickly as possible to our customers because it may be useful in some situations. Since this module is not the final version, it may contain bugs or have limited functionality, and may not have complete or accurate documentation. | CVE-2016-8655 | Exploits/Local | Linux |
| Joomla UsersModelRegistration Admin Registration Vulnerability Exploit | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. This registration works even when registration has been disabled. This module exploits this vulnerability to add an administrator user to the Joomla database. Note that this account may need registration confirmation (activation). | CVE-2016-8869 | Exploits/Remote | Linux |
| Microsoft Windows Win32k Privilege Escalation Exploit (MS16-135) | This module exploits a vulnerability in win32k.sys by setting a window as WS_CHILD and sending a special key combination to it. WARNING: This is an early release module, not the final version. It is a pre-release version delivered as quickly as possible to our customers because it may be useful in some situations. Since this module is not the final version, it may contain bugs or have limited functionality, and may not have complete or accurate documentation. | CVE-2016-7255 | Exploits/Local | Windows |
| RTCore Privilege Escalation Exploit | This module exploits a vulnerability in RivaTuner's core driver (Rivatuner*.sys, RTCore*.sys), which is used by hardware tweaking applications such as RivaTuner, MSI Afterburner and EVGA Precision X (and possibly others). During application operation, the driver is loaded and used to read and write physical memory, MSR registers, I/O ports, etc. This module abuses that functionality to escalate privileges. | NOCVE-9999-80526 | Exploits/Local | Windows |
| Symantec Web Gateway Management Console Remote Code Execution Exploit | The Symantec Web Gateway Management Console before 5.2.5 allows some specially crafted entries to update the whitelist without validation. A lower-privileged but authorized management console user can bypass the whitelist validation using a specifically modified script to create an unauthorized whitelist entry. This whitelist entry could potentially be leveraged in further malicious attempts against the network. | CVE-2016-5313 | Exploits/Remote Code Execution | Linux |
| Linux Kernel Dirty COW Race Condition Privilege Escalation Exploit | This module exploits a race condition vulnerability in the Linux kernel via MAP_PRIVATE COW. The bug lies in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. WARNING: This is an early release module, not the final version. It is a pre-release version delivered as quickly as possible to our customers because it may be useful in some situations. Since this module is not the final version, it may contain bugs or have limited functionality, and may not have complete or accurate documentation. | CVE-2016-5195 | Exploits/Local | Linux |
| Cisco ASA SNMP Buffer Overflow Exploit (EXTRABACON) | This module exploits a buffer overflow vulnerability in the SNMP code of the Cisco ASA. | CVE-2016-6366 | Exploits/Remote | none |
| VX Search Enterprise Buffer Overflow Exploit | VX Search Enterprise is prone to a buffer overflow vulnerability when receiving a crafted request. | NOCVE-9999-80976 | Exploits/Remote | Windows |