Core Impact Security and Penetration Testing Updates

Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

| Title | Description | Vulnerability | Category | Platform |
| --- | --- | --- | --- | --- |
| Moodle Tex Filter Remote Code Execution Exploit | A Remote Code Execution (RCE) vulnerability has been found in filter/tex/texed.php. Because this file does not properly check its input parameters, it is possible to exploit this vulnerability to execute arbitrary commands on the target server. This module starts a web server on the CORE IMPACT Console to publish the agent, which is downloaded from the target. In order to exploit this vulnerability, register_globals must be enabled (in PHP) and the TeX Notation filter in Moodle must be turned on. | NOCVE-9999-35969 | Exploits/Remote | Linux |
| CA XOsoft Control Service entry_point.aspx Remote Buffer Overflow Exploit | This module exploits a remote buffer overflow vulnerability in the entry_point.aspx login page of CA XOsoft Control Service. | CVE-2010-1223 | Exploits/Remote | Windows |
| SolarWinds Firewall Security Manager userlogin Exploit | SolarWinds FSM is vulnerable to an authentication bypass in userlogin.jsp that allows an attacker to upload an agent via a weakness in the username attribute in settings-new.jsp, allowing us to install an agent. | CVE-2015-2284 | Exploits/Remote | Windows |
| Novell ZENworks Asset Management Remote Code Execution Exploit | This module exploits a path traversal vulnerability in Novell ZENworks Asset Management. The specific flaw exists within a servlet provided within the Novell ZENworks distribution for uploading files. When processing the path name for the file, the servlet will allow a user to inject path traversal entities into the filename. Then, when the servlet downloads the provided file, the destination will store it to the user-provided location. | CVE-2010-4229 | Exploits/Remote | Windows |
| AIX rpc.cmsd Buffer Overflow Exploit | This module exploits a remote buffer overflow vulnerability in the Calendar Manager Service Daemon. | CVE-2009-3699 | Exploits/Remote | AIX |
| Novell File Reporter NFRAgent VOL Tag Buffer Overflow Exploit | The vulnerability exists within NFRAgent.exe listening on TCP port 3037. When parsing tags inside the VOL element, the process performs insufficient bounds checking on user-supplied data prior to copying it on the stack. | NOCVE-9999-54601 | Exploits/Remote | Windows |
| MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 6 | This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds support for Windows XP SP0 and SP1. | CVE-2008-4250 | Exploits/Remote | Windows |
| Citrix Provisioning Services streamprocess Remote Buffer Overflow Exploit | This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port. | NOCVE-9999-46895 | Exploits/Remote | Windows |
| Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit Update | This update adds support for Debian 6.0.0 and for attacking IPv6 targets. This module exploits a heap overflow bug in Samba Server by sending a crafted request packet via a DCERPC call. | CVE-2012-1182 | Exploits/Remote | Linux |
| EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution Exploit | This module exploits a remote code execution vulnerability in EMC Data Protection Advisor (DPA). Vulnerable installations of EMC DPA expose the EJBInvokerServlet invoker servlet, which does not require any type of authentication by default on certain profiles and allows remote attackers to invoke MBean methods and execute arbitrary code. | CVE-2012-0874 | Exploits/Remote | Windows |
| Sophos Web Protection Appliance sblistpack Command Injection Exploit | The /opt/ws/bin/sblistpack Perl script in Sophos Web Protection Appliance, which can be reached from the web interface, is vulnerable to OS command injection because its get_referers() function does not escape the first argument of the script before using it within a string that will be executed as a command by using backticks. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code in the affected appliance with the privileges of the "spiderman" operating system user. A second vulnerability in the Sophos Web Protection Appliance (an OS command injection in the /opt/cma/bin/clear_keys.pl script, which can be executed by the "spiderman" user with the sudo command without password) allows an attacker who successfully compromised the appliance to escalate privileges from "spiderman" to root. | CVE-2013-4983 | Exploits/Remote | Linux |
| Procyon Core Server HMI Scada Coreservice Buffer Overflow Exploit | Vulnerability in the coreservice.exe component of Procyon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a buffer on the stack. This causes a buffer overflow and allows it to overwrite a structured exception handling record, allowing for unauthenticated remote code execution. | CVE-2011-3322 | Exploits/Remote | Windows |
| HP Client Automation Remote Code Execution Exploit | This module exploits a command injection vulnerability in HP Client Automation. The flaw exists within the radexecd.exe component, which listens by default on TCP port 3465. When handling a remote execution request, the process does not properly authenticate the user issuing the request. The command to be executed is also not properly sanitized. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM. Authentication is not required to exploit this vulnerability. | CVE-2015-1497 | Exploits/Remote | Windows, Mac OS X, Linux |
| Tomcat Deploy Manager Default Account Code Execution Exploit | This module exploits a remote code execution vulnerability in Tomcat Web Server by using a default user account to upload an arbitrary file. | CVE-2009-3548 | Exploits/Remote | Windows |
| BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit | This module exploits a vulnerability in the AntServer Module (AntServer.exe). It can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to the default port 6080/TCP. | CVE-2008-1914 | Exploits/Remote | Windows |
| HP Data Protector Express Create New Folder Buffer Overflow Exploit | HP Data Protector Express is prone to a buffer overflow because the dpwindtb.dll component handles folder names in an insecure way. | CVE-2012-0124 | Exploits/Remote | Windows |
| Microsoft Windows SMB Buffer Underflow Exploit (MS08-063) Update | This update adds support for Microsoft Windows 2000 SP4 Professional, Server, Advanced Server and Windows 2003 SP0 Standard Edition and Enterprise Edition. | CVE-2008-4038 | Exploits/Remote | Windows |
| Omni-NFS Server NFSD Stack Buffer Overflow Exploit | A buffer overflow exists in nfsd.exe in XLink Omni-NFS Server and allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd). | CVE-2006-5780 | Exploits/Remote | Windows |
| Integard Home and Pro Remote Buffer Overflow Exploit | The vulnerability is caused by a boundary error within the handling of HTTP POST requests. This may allow execution of arbitrary code by sending an overly long, specially crafted HTTP POST request to the server. | NOCVE-9999-45121 | Exploits/Remote | Windows |
| MyBB Backdoor Remote Code Execution Exploit | A backdoor introduced in the source code of MyBB allows remote unauthenticated attackers to execute arbitrary code on systems running vulnerable installations of MyBB. | NOCVE-9999-49723 | Exploits/Remote | Windows, Solaris, Linux, FreeBSD |
| Exchange X-LINK2STATE CHUNK Exploit | This module exploits a heap-based buffer overflow in the handling of the X-LINK2STATE command in the SMTP service of Exchange Server. | CVE-2005-0560 | Exploits/Remote | Windows |
| ManageEngine EventLog Analyzer Exploit | ManageEngine EventLog Analyzer exposes SQL query functionality that can be abused with 'guest' credentials to insert and export a crafted JSP, allowing us to install an agent. | CVE-2015-7387 | Exploits/Remote | Windows |
| Apache Struts 2 devMode OGNL Remote Code Execution Exploit | The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production. When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter. This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system. | NOCVE-9999-62986 | Exploits/Remote | Windows, Mac OS X, Linux |
| MySQL yaSSL Exploit | This module exploits a remote buffer overflow in MySQL servers using yaSSL. | CVE-2008-0226 | Exploits/Remote | Windows, Linux, FreeBSD |
| Traq Command Injection Exploit | Traq is vulnerable to an authentication bypass vulnerability. This module exploits this vulnerability in order to install a plugin hook to ultimately install an agent in the target host. | NOCVE-9999-50813 | Exploits/Remote | Windows, Solaris, Linux, Mac OS X |
| Ultra Mini HTTPD Stack Buffer Overflow Exploit Update | The vulnerability is caused by a boundary error within Mini HTTPD when processing an HTTP GET request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted argument passed to the affected command. Arbitrary code can be directly executed by overwriting a return address. This update only adds the CVE number. | CVE-2013-5019 | Exploits/Remote | Windows |
| Novell File Reporter Engine RECORD Tag Parsing Exploit | This module exploits a buffer overflow in Novell File Reporter by sending a specially crafted packet. | CVE-2011-2220 | Exploits/Remote | Windows |
| 3Com TFTP Transporting Mode Buffer Overflow Exploit | This module exploits a buffer overflow vulnerability in the processing of TFTP Read/Write request packet types, causing a stack-based buffer overflow by sending a specially crafted packet with an overly long mode field. | CVE-2006-6183 | Exploits/Remote | Windows |
| Symantec AMS Intel Alert Service AMSSendAlertAck Buffer Overflow Exploit | This module exploits a stack-based buffer overflow in the Intel Alert Handler Service. | CVE-2010-0110 | Exploits/Remote | Windows |
| Mantis Manage_proj_page Remote Code Execution Exploit Update 5 | This module exploits a Remote Code Execution vulnerability in Mantis version 1.1.3, which handles the sort parameter in manage_proj_page without proper validation, leading to remote code execution on Mantis' web server. This update adds support for the OSX platform. | CVE-2008-4687 | Exploits/Remote | Solaris, Linux, Windows, AIX, Mac OS X |