Exploits and Security Updates to Core Impact Threat Intelligence

Exploits and Security Updates to Core Impact Threat Intelligence

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Category Platform
Apple Mac OS X DYLD_PRINT_TO_FILE Privilege Escalation Exploit This module exploits a vulnerability present in Mac OS X. dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain root privileges via the DYLD_PRINT_TO_FILE environment variable. CVE-2015-3760 Exploits/Local Mac OS X
Jenkins Default Configuration Remote Code Execution Exploit Update This module exploits a Jenkins command injection in order to install an agent. This update adds support for Windows and Linux platforms, and HTTPS support. NOCVE-9999-74942 Exploits/Remote Windows, Linux
Oracle Application Testing Suite UploadServlet Servlet Remote Code Execution Exploit A vulnerability exists in the UploadServlet servlet. By providing a filename header containing a directory traversal, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution. CVE-2016-0490 Exploits/Remote Windows
Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Exploit A vulnerability exists in the UploadFileAction servlet. By providing a fileType parameter of "*" to the UploadFileUpload page, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack. CVE-2016-0491 Exploits/Remote Windows
Microsoft Windows COM Object Cpfilters dll based Binary Planting Exploit Update (MS16-014) This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Windows using a word document to deploy an agent. This update adds other vulnerable dlls to the exploitation and other platforms and architectures. CVE-2016-0041 Exploits/Client Side Windows
Adobe Acrobat Reader armsvc Service Privilege Escalation Exploit Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5106. CVE-2015-5090 Exploits/Local Windows
Microsoft Office COM Object els.dll based Binary Planting Exploit (MS15-132) Update This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Word to deploy an agent. This version adds wow64 support. CVE-2015-6128 Exploits/Client Side Windows
Spring Boot Default Error Page Expression Language Injection Exploit Spring Boot Framework 1.2.7 provides a default error page (also known as "Whitelabel Error Page"), that's prone to Spring Expression Language injection when the type of a parameter expected is not expected to be a string but a string is provided. Applications based on Spring Boot that don't deactivate the feature, or customize it in such a way as to stop the injection, are thus susceptible to execution of some Java statements and, in particular, to OS command injections. This module checks all the parameters in the given pages and, if at least one parameter is vulnerable to the injection, installs an OS Agent. CVE-2013-1966 Exploits/OS Command Injection/Known Vulnerabilities Windows, Linux, Solaris
Microsoft Windows COM Object Cpfilters dll based Binary Planting Exploit (MS16-014) This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Windows using a word document to deploy an agent. CVE-2016-0041 Exploits/Client Side Windows
Proface GP Pro EX Buffer Overflow Exploit The specific flaw exists within BeginPreRead() processing. When handling malformed 0x7f77 type fields. NOCVE-9999-74950 Exploits/Client Side Windows
Microsoft Group Policy Preferences Exploit (MS14-025) The Group Policy implementation in Microsoft Windows does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share. CVE-2014-1812 Exploits/Remote Windows
Microsoft Windows NDIS Pool Overflow Vulnerability DoS (MS15-117) A vulnerability in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to trigger buffer overflow. This allows unprivileged local users to cause an invalid dereference in kernel mode, which produces a BSoD. CVE-2015-6098 Denial of Service/Local Windows
Jenkins commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit Update Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. This update adds proper CVE number, support for Jenkins with HTTPS enabled, and DNS channel support. It also extends on the supported platforms, improves IPv6 functionality and removes redundant code. CVE-2015-8103 Exploits/Remote Windows, Linux
Linux Blueman D-Bus Service EnableNetwork Privilege Escalation Exploit The EnableNetwork method in the org.blueman.Mechanism D-Bus service of Blueman, a Bluetooth Manager, receives untrusted Python code provided by unprivileged users and evaluates it as root. This can be leveraged by a local unprivileged attacker to gain root privileges. CVE-2015-8612 Exploits/Local Linux
Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update 3 This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font. This update adds support to "Low Integrity Level" bypass for "Windows 8.1" 32 bits by using a kernel memory leak (CVE-2015-2433). CVE-2015-2426 Exploits/Local Windows
Microsoft Windows Win32k SetParent Null Pointer Dereference Exploit (MS15-135) This module exploits a vulnerability in win32k.sys by calling to SetParent function with crafted parameters. CVE-2015-6171 Exploits/Local Windows
Linux Overlayfs ovl_setattr Local Privilege Escalation Exploit This module exploits a vulnerability in Linux. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. CVE-2015-8660 Exploits/Local Linux
Microsoft Office COM Object els.dll based Binary Planting Exploit (MS15-132) This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Word to deploy an agent. CVE-2015-6128 Exploits/Client Side Windows
Linux abrt sosreport Symlink Privilege Escalation Exploit The sosreport program, a component of the ABRT bug reporting system used in Red Hat Enterprise Linux, does not handle symbolic links correctly when writing core dumps of ABRT programs to the ABRT dump directory (/var/tmp/abrt). This can be leveraged by local unprivileged attackers to gain root privileges on vulnerable systems. CVE-2015-5287 Exploits/Local Linux
Jenkins Default Configuration Remote Code Execution Exploit This module exploits a Jenkins command injection in order to install an agent. NOCVE-9999-74942 Exploits/Remote Linux
VMware vCenter Server Java JMX-RMI Remote Code Execution Exploit VMware vCenter Server is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine. By exploiting known methods, it is possible to remotely load an MLet file from an attacker controlled web server that points at a, also controlled, jar file. CVE-2015-2342 Exploits/Remote Windows
Joomla com_contenthistory SQL Injection This module exploits a SQL Injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors CVE-2015-7297 Exploits/SQL Injection/Known Vulnerabilities Linux
Joomla User Agent Object Injection Exploit This module exploits a remote code execution vulnerability in Joomla. The session handling code is susceptible to PHP Object Injection attacks due to lack of sanitization in some HTTP headers that are saved to the database session backend. CVE-2015-8562 Exploits/OS Command Injection/Known Vulnerabilities Linux
AlienVault Unified Security Management av-forward Deserialization of Untrusted Data Exploit This update introduces an exploit for AlienVault Unified Security Management. A vulnerability exists in the av-forward daemon running in AlienVault Unified Security Management appliances. The daemon accepts serialized Python and proceeds to deserialize it without proper validation, allowing unauthenticated arbitrary code execution. NOCVE-9999-74938 Exploits/Remote none
SolarWinds Application Monitor TSUnicodeGraphEditorControl factory Buffer Overflow Exploit Update 2 The specific flaw exists within the 'factory' object's loadExtensionFactory method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. This version add x86_64 support. CVE-2015-1500 Exploits/Client Side Windows
Microsoft Windows Media Center MCL URL File Disclosure Exploit (MS15-134) Windows Media Center MCL files can specify a URL to be automatically loaded within Media Center. A specially crafted MCL file can trick Windows Media Center into rendering the very same MCL file as a local HTML file within the application's embedded web browser. This can be leveraged by an attacker to read and exfiltrate arbitrary files from a victim's local fileystem by convincing an unsuspecting user to open an MCL file. CVE-2015-6127 Exploits/Client Side Windows
Borland AccuRev Reprise License Server edit_lf_process Write Arbitrary Files Exploit Update 2 The specific flaw exists within the edit_lf_process resource of the AccuRev Reprise License Manager service. The issue lies in the ability to write arbitrary files with controlled data. An attacker could leverage this vulnerability to execute arbitrary code under the context of SYSTEM. This update introduces a number of improvements related to the architecture of the agent installed and scenarios where multiple targets are tested. This update adds reliability. NOCVE-9999-74481 Exploits/Remote Windows
Borland AccuRev Reprise License Server edit_lf_process Write Arbitrary Files Exploit Update The specific flaw exists within the edit_lf_process resource of the AccuRev Reprise License Manager service. The issue lies in the ability to write arbitrary files with controlled data. An attacker could leverage this vulnerability to execute arbitrary code under the context of SYSTEM. This update introduces a number of improvements related to the architecture of the agent installed and scenarios where multiple targets are tested. NOCVE-9999-74481 Exploits/Remote Windows
Symantec Endpoint Protection Manager Java Library Deserialization Vulnerability Remote Code Execution Exploit Symantec Endpoint Protection Manager is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. CVE-2015-6555 Exploits/Remote Windows
Oracle WebLogic Server commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit Update Oracle WebLogic Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. This update add proper CVE number and more supported platforms. CVE-2015-4852 Exploits/Remote Solaris, Windows, Linux