Core Impact Pro Exploits and Security Updates

Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
Exploit Description Update This update modifies the description in the file header. CVE-2008-1611 Exploits/Remote Windows
HP System Management iprange Parameter Buffer Overflow Exploit This module exploits a Buffer Overflow on HP System Management. The vulnerability exists when handling a crafted iprange parameter on a request against /proxy/DataValidation. CVE-2013-2362 Exploits/Remote Windows
ASN.1 Bit String SPNEGO exploit Update Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 encodings that cause arbitrary heap data to be overwritten. This update modifies the runtime value for this exploit. CVE-2003-0818 Exploits/Remote Windows
Apache Struts ClassLoader Manipulation Remote Code Execution Exploit Update This module exploits a vulnerability in Apache Struts. The specific vulnerability is in the ParametersInterceptor, which allows a direct manipulation of the ClassLoader and as a result an attacker can execute arbitrary Java code in the target machine. This update adds support for Apache Struts 2.3.16, Windows (x86 and x64) and Linux (x64) platforms. CVE-2014-0094 Exploits/Remote Windows, Linux
NJStar Communicator MiniSMTP Server Buffer Overflow Exploit Stack Overflow in the MiniSmtp Server component of the NJStar Communicator. NOCVE-9999-50132 Exploits/Remote Windows
LANDesk Management Suite Alert Service Exploit This module exploits a buffer overflow vulnerability in the Alert Service (aolnsrvr.exe) component of LANDesk Management Suite 8.7 and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port UDP/65535. CVE-2007-1674 Exploits/Remote Windows
Debian OpenSSL Predictable Random Number Generation Exploit This module exploits the random number generator in Debian's OpenSSL package being predictable. This vulnerability is used to generate SSH keys and to install an agent into the target host. CVE-2008-0166 Exploits/Remote Linux
Novell File Reporter Agent XML Tag Remote Code Execution Exploit This module exploits a buffer overflow vulnerability in Novell File Reporter. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/3037. CVE-2011-0994 Exploits/Remote Windows
Hewlett Packard Enterprise Data Protector EXEC_BAR User Name Buffer Overflow Exploit The specific flaw exists within OmniInet.exe which listens by default on TCP port 5555. When parsing a malformed user name field in a request, the process blindly copies user supplied data into a fixed-length stack buffer. A remote attacker can abuse this to execute remote code under the context of SYSTEM. CVE-2016-2005 Exploits/Remote Windows
RSH Daemon for Windows Remote Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the Windows RSH application (rshd.exe). The module sends a specially crafted packet to port 514/tcp and installs an agent if successful. CVE-2007-4005 Exploits/Remote Windows
HP OpenView NNM getnnmdata ICount CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the getnnmdata.exe CGI application, a component of HP OpenView Network Node Manager, by sending an HTTP request with an invalid value for the ICount parameter. CVE-2010-1554 Exploits/Remote Windows
ProFTPD Telnet IAC Buffer Overflow Exploit This module exploits a stack overflow vulnerability in proftpd in order to install an agent. The vulnerability is within the function pr_netio_telnet_gets(). The issue is triggered when processing specially crafted Telnet IAC packets delivered to the FTP server. CVE-2010-4221 Exploits/Remote AIX, FreeBSD
Novell eDirectory Network Request Buffer Overflow Exploit A boundary error exists in the dhost.dll component of Novell eDirectory post authentication when processing list of modules. This can be exploited to cause a stack-based buffer overflow via a specially crafted request with an overly long module name. WARNING:This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-4653 Exploits/Remote Windows
HP OpenView NNM jovgraph displayWidth Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the jovgraph.exe CGI application, a component of HP OpenView Network Node Manager, by sending a specially crafted packet. CVE-2011-0261 Exploits/Remote Windows
MSRPC RRAS Exploit This module exploits a stack overflow in the Windows Routing and Remote Access Service (MS06-025) CVE-2006-2370 Exploits/Remote Windows
Serv-U Web Client HTTP Request Remote Buffer Overflow Exploit This module exploits a stack overflow in Serv-U Web Client by sending a specially crafted POST request. CVE-2009-4873 Exploits/Remote Windows
Microsoft Windows SMB Buffer Underflow Exploit (MS08-063) This module exploits a Windows kernel remote vulnerability on the srv.sys driver via a malformed SMB packet. CVE-2008-4038 Exploits/Remote Windows
HP ProCurve Manager SNAC UpdateDomainControllerServlet Exploit This module exploits a path traversal vulnerability in HP ProCurve Manager. The specific flaw exists within the UpdateDomainControllerServlet. This servlet improperly sanitizes the adCert argument allowing the remote attacker could upload a .jsp file and execute arbitrary code. Authentication is not required to exploit this vulnerability. CVE-2013-4811 Exploits/Remote Windows
MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 3 This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds support for Windows 2003 Enterprise Edition sp2 with DEP enabled. This update also adds support for XP SP2 and 2003 SP1 as well as improves the reliability of the exploit against all supported platforms. CVE-2008-4250 Exploits/Remote Windows
Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit Update 2 This module exploits a heap overflow vulnerability in Samba Server by sending a crafted request packet via DCERPC call. This update adds support to Debian 5 (32 bits and 64 bits). CVE-2012-1182 Exploits/Remote Linux
Atlassian JIRA Issue Collector Plugin Path Traversal Vulnerability Exploit A path traversal vulnerability affects the Issue Collector plugin in Atlassian JIRA. This module exploits that vulnerability to achieve remote code execution. The installed agent will have SYSTEM privileges. CVE-2014-2314 Exploits/Remote Windows
EZHomeTech EzServer Buffer Overflow Exploit EzServer is prone to a buffer-overflow when handling packets with an overly long string. NOCVE-9999-52789 Exploits/Remote Windows
Firebird SQL CNCT Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in Firebird SQL by sending a malformed packet to the 3050/TCP port. CVE-2013-2492 Exploits/Remote Linux
GE Proficy CIMPLICITY gefebt Remote Code Execution The vulnerable component gefebt allows to execute remote BCL files in shared resources. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE .This can be executed remotely through the WebView server. CVE-2014-0750 Exploits/Remote Windows
Sun Java Web Console format string exploit This module exploits a format string vulnerability in the Sun Java Web Console and installs an agent. CVE-2007-1681 Exploits/Remote Solaris
OracleDB CSA Remote Code Execution Exploit This module exploits a vulnerability in the Client System Analyzer component of the Oracle Database Server. CVE-2010-3600 Exploits/Remote Windows, Linux
OpenX Remote Code Execution Exploit Update This update adds support for Solaris and Mac OS X platforms CVE-2009-4098 Exploits/Remote Solaris, Linux, Mac OS X
MSRPC SRVSVC NetrpPathCanonicalize (MS06-040) exploit update 2 This module exploits a remotely exploitable vulnerability in Windows' Server Service (MS06-040) over Microsoft DCERPC (ports 139 and 445). This update adds support for windows 2003 sp0. CVE-2006-3439 Exploits/Remote Windows
MSRPC WKSSVC NetpManageIPCConnect Exploit Update 2 This module exploits a stack buffer overflow in the Workstation Service. This package addresses a compatibility problem when porting the module from version 7.6 to 8.0 of the framework. CVE-2006-4691 Exploits/Remote Windows
Adobe RoboHelp Server File Upload Code Execution Exploit This module exploits a remote .JSP code injection in Adobe RoboHelp Server by sending a specially crafted HTTP request to the affected service. CVE-2009-3068 Exploits/Remote Windows