Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates
When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.
Title | Description | Vulnerability | Category | Platform |
---|---|---|---|---|
XnView TAAC Buffer Overflow Exploit | A security vulnerability in the way XnView processes TAAC files may allow a remote unprivileged user who provides a TAAC document that is opened or previewed by a local user to execute arbitrary commands on the system with the privileges of the user running XnView. This can be exploited to cause a buffer overflow when a specially crafted file is opened or previewed in XnView. | CVE-2008-2427 | Exploits/Client Side | Windows |
XnView PSP Image Processing Buffer Overflow Exploit | A vulnerability when processing PSP files can be exploited to cause a stack based buffer overflow via a specially crafted file. | CVE-2013-3492 | Exploits/Client Side | Windows |
XMPlay Playlist Files Buffer Overflow Exploit | The vulnerability is caused due to a boundary error within the parsing of playlists (.m3u, .pls, and .asx) containing an overly long file name. This can be exploited to cause a stack-based buffer overflow via a specially crafted playlist file. | CVE-2006-6063 | Exploits/Client Side | Windows |
XM Easy Personal FTP Server DoS | XM Easy Personal FTP Server is prone to multiple remote denial-of-service vulnerabilities because it fails to properly handle user-supplied input. | CVE-2006-2225 | Denial of Service/Remote | Windows |
Xion M3U Buffer Overflow Exploit | The vulnerability is caused due to a boundary error in Xion when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. | NOCVE-9999-44931 | Exploits/Client Side | Windows |
Xenorate XPL File Buffer Overflow Exploit | Xenorate is prone to a buffer overflow. The program fails to properly sanitize user-supplied input from a specially crafted XPL file. | NOCVE-9999-53630 | Exploits/Client Side | Windows |
Xen Pygrub Command Injection exploit for Impact 7.5 | This module exploits a command injection error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted. | CVE-2007-4993 | Exploits/Local | Linux |
Xen Pygrub Command Injection exploit | This module exploits a command injection error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted. | CVE-2007-4993 | Exploits/Local | Linux |
XBMC GET Request Remote Buffer Overflow Exploit | This module exploits a vulnerability in XBMC by sending a specially crafted, overly long HTTP GET request to the application's web server which causes a stack-based buffer overflow, allowing arbitrary code execution. | NOCVE-9999-37459 | Exploits/Remote | Windows |
Xampp webdav PHP Upload Exploit | This module attacks default XAMPP installations and abuses the use of default credentials for webdav. The module can also be configured to take advantage of user supplied credentials. | NOCVE-9999-53594 | Exploits/Remote | Windows |
Xampp php_self Cross Site Scripting Exploit | XAMPP suffers from multiple XSS issues in several scripts that use the 'PHP_SELF' variable. The vulnerabilities can be triggered in 'xamppsecurity.php', 'cds.php' and 'perlinfo.pl' because the affected scripts do not filter this variable. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session. | NOCVE-9999-50264 | Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities | none |
WS_FTP 5.05 XMD5 buffer overflow exploit | This module exploits a stack overflow in WS_FTP 5.05 in XMD5 command and installs an agent. | CVE-2006-5000 | Exploits/Remote | Windows |
Wordtrainer ORD File Buffer Overflow Exploit | The vulnerability is caused due to boundary errors in Wordtrainer 3.0 within the processing of .ORD files. This can be exploited to cause a stack-based buffer overflow when the victim opens a specially crafted file containing overly long supplied data. | NOCVE-9999-47844 | Exploits/Client Side | Windows |
Wordpress Weak Authentication Exploit | An attacker able to register a specially crafted username on a Wordpress 2.5 installation will also be able to generate authentication cookies for other chosen accounts. This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection. The proper way to exploit this vulnerability is to use a Wordpress account whose username starts with the word "admin", for example "admin99". This exploit will not be shown on WebApps reports. | CVE-2008-1930 | Exploits/Authentication Weakness | none |
Wordpress W3 Total Cache PHP Remote Code Execution Exploit | This module exploits a vulnerability in the W3 Total Cache plugin for Wordpress. Certain macros such as mfunc allow PHP code to be injected into comments. By injecting a crafted comment into a valid post, an attacker can execute arbitrary PHP code on systems running vulnerable installations of W3 Total Cache. | CVE-2013-2010 | Exploits/Remote | Linux |
WordPress PHPMailer Remote Code Execution Exploit | This module exploits a PHPMailer vulnerability in WordPress abusing a Lost Password recovery action and installs an agent. | CVE-2016-10033 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
Wordpress Password Reset Exploit | A weakness has been reported in WordPress which can be exploited to bypass certain security restrictions. The weakness is due to a bug within the password reset functionality when verifying the secret key. This can be exploited to reset the password of the first user without a key in the database (usually administrator) without providing the correct secret key. | NOCVE-9999-39525 | Exploits/Authentication Weakness | none |
Wordpress NextGEN Gallery Plugin Cross Site Scripting Exploit | This vulnerability results from reflected, unsanitized input that a malicious user can craft into an attack by manipulating the 'mode' parameter of the xml/media-rss.php script. Version 1.5.1 is verified as vulnerable; older versions are probably vulnerable too, but they were not tested at this time. | CVE-2010-1186 | Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities | none |
WordPress Landing Pages Plugin Remote Command Execution | This update introduces an OS Command Injection Exploit for the "Wordpress Landing Pages" plugin. | CVE-2015-5227 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
Wordpress Google Analytics Plugin Cross-Site Scripting Exploit | Input passed to the "s" parameter in index.php is not properly sanitised before being returned to the user in googleanalytics.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. | NOCVE-9999-41354 | Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities | none |
Wordpress Comments XSS Exploit | A cross-site scripting vulnerability exists in the comments rendering in Wordpress 4.1.1 and previous versions. This exploit abuses a persistent cross-site scripting vulnerability in Wordpress to install an OS Agent on the server running the Wordpress installation. This update includes a module that posts a comment containing the cross-site scripting code in a Wordpress post. The JavaScript code will attempt to install a Wordpress plugin every time the post comment is rendered. The plugin will in turn install an OS agent on the server running Wordpress. This update adds the option to use the module in a verification mode, so a comment can be posted to verify if it would be moderated with the current webapps scenario in use. | NOCVE-9999-71907 | Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities | Linux |
WordPerfect X3 Printer Selection exploit update | The vulnerability is caused due to boundary errors in WordPerfect within the processing of WPD files. WordPerfect X3 fails to check the length of the printer selection (.PRS) filename stored inside WordPerfect documents, allowing an attacker to cause a stack overflow in order to execute arbitrary code. This update changes the injection method of the agent. | CVE-2007-1735 | Exploits/Client Side | Windows |
WordPerfect X3 Printer Selection exploit | The vulnerability is caused due to boundary errors in WordPerfect within the processing of WPD files. WordPerfect X3 fails to check the length of the printer selection (.PRS) filename stored inside WordPerfect documents, allowing an attacker to cause a stack overflow in order to execute arbitrary code. | CVE-2007-1735 | Exploits/Client Side | Windows |
Word List Builder DIC File Buffer Overflow Exploit | This module exploits a stack-based buffer overflow in Word Builder which is triggered by a malformed DIC file. | NOCVE-9999-48662 | Exploits/Client Side | Windows |
WonderWare SuiteLink slssvc.exe DoS | WonderWare is a supplier of industrial automation and information software solutions. According to the company's website: one third of the world's plants run Wonderware software solutions. Having sold more than 500,000 software licenses in over 100,000 plants worldwide, Wonderware has customers in virtually every global industry - including Oil and Gas, Food and Beverage, Utilities, Pharmaceuticals, Electronics, Metals, Automotive and more. The vulnerability found in Wonderware SuiteLink Service (slssvc.exe) could allow an unauthenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shut down the service abnormally by sending a malformed packet. | CVE-2008-2005 | Denial of Service/Remote | Windows |
WMI Administrative Tools ActiveX Exploit | This module exploits a vulnerability in the WBEMSingleView.ocx control included in the WMI Tools ActiveX application. The exploit is triggered when the OpenURL() method processes a long string argument resulting in a stack-based buffer overflow. | CVE-2010-3973 | Exploits/Client Side | Windows |
WM Downloader M3U Buffer OverFlow Exploit | WM Downloader contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in WM Downloader when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. | NOCVE-9999-51869 | Exploits/Client Side | Windows |
WireShark SNMP Dissector DoS | This module exploits a vulnerability in the WireShark SNMP dissector, sending a specially crafted SNMP packet, causing WireShark to crash. | CVE-2008-1071 | Denial of Service/Remote | Windows |
Wireshark riched20 DLL Hijacking Exploit | The vulnerability is caused due to the application loading a library (riched20.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into, e.g., opening a ".pcap" file located on a remote WebDAV or SMB share. | CVE-2016-2521 | Exploits/Client Side | Windows |
Wireshark PROFINET Dissector Format String Exploit Update | Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. This update adds Windows 7 support. | CVE-2009-1210 | Exploits/Remote | Windows |