Core Impact Pro Exploits and Security Updates

Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Category Platform
Baofeng Storm OnBeforeVideoDownload Exploit BaoFeng Storm ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input. CVE-2009-1612 Exploits/Client Side Windows
Microsoft Office Works Converter Exploit (MS09-024) This module exploits a vulnerability in the Microsoft Office Works converter that could allow remote code execution via a specially crafted Works file. CVE-2009-1533 Exploits/Client Side Windows
Adobe PDF CustomDictionaryOpen Buffer Overflow Update This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to boundary errors in the customdictionaryopen() method in Javascript api. This can be exploited to cause a heap overflow when a specially crafted PDF file is opened. This update corrects the CVE number for this exploit. CVE-2009-1493 Exploits/Client Side Linux
Nagios Command Injection Exploit A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system. Input passed to the "ping" parameter in statuswml.cgi is not properly sanitized before being used to invoke the ping command. This can be exploited to inject and execute arbitrary shell commands. Additional research revealed that this parameter is vulnerable to Cross-Site Request Forgery. This module exploits the XSRF vulnerability in order to install an agent using the command injection vulnerability. CVE-2009-2288 Exploits/Client Side Linux
Opera file URI Handling Buffer Overflow Exploit Update Opera is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. This update add Decouple feature. CVE-2008-5178 Exploits/Client Side Windows
Microsoft IIS MS08-006 Exploit update 3 This module exploits a stack buffer overflow vulnerability present in Microsoft Internet Information Server versions 5.1 through 6.0. This update makes the name of the file used random to improve reliability, as well as avoid a system error when the file is used. It also adds the possibility of deploying multiple agents. CVE-2008-0075 Exploits/Local Windows
SugarCRM Remote Code Execution Exploit Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name. CVE-2009-2146 Exploits/Remote Linux, Solaris, Mac OS X
Pidgin MSNSLP Arbitrary Write Exploit The vulnerability is caused due to boundary errors in libpurple.dll within the processing of MSNSLP messages. This can be exploited to cause a stack-based buffer overflow without user interaction. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-2694 Exploits/Client Side Windows, Linux
MSRPC WKSSVC NetrGetJoinInformation Heap Corruption DoS (MS09-041) This module exploits an improperly memory free by sending a specially crafted RPC packet to cause a DoS condition on the target machine. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1544 Denial of Service/Remote Windows
Bopup Communications Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error and can be exploited to cause a stack-based buffer overflow via a specially crafted TCP packet sent to port 19810. Successful exploitation allows execution of arbitrary code. CVE-2009-2227 Exploits/Remote Windows
Adobe Reader JBIG2Decode Memory Corruption Exploit update This module exploits an array indexing vulnerability in Adobe Reader when handling a specially crafted PDF file. This update adds support for Windows XP SP2, Windows 2000 Professional SP4 and improves reliability when exploiting from browsers. CVE-2009-0658 Exploits/Client Side Windows
PulseAudio Privilege Escalation Exploit This module exploits a race condition vulnerability in PulseAudio on Linux systems to gain elevated privileges. CVE-2009-1894 Exploits/Local Linux
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in Motorola Timbuktu Pro by sending a long malformed string over the plughNTCommand named pipe. CVE-2009-1394 Exploits/Remote Windows
FreeBSD mount Local Privilege Escalation Exploit FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data. If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel. CVE-2008-3531 Exploits/Local FreeBSD
HT-MP3Player HT3 Buffer Overflow Exploit HT-MP3Player contains a buffer prone to exploitation when handling .HT3 files, which can be exploited to cause a stack-based bufferoverflow via a specially crafted .HT3 file. CVE-2009-2485 Exploits/Client Side Windows
RPT Remote Exploits Timeout Update This update corrects timeouts in different remote exploits. CVE-2007-6377 Exploits/Remote Windows
Adobe Acrobat Reader and Flash Player Code Execution Exploit Adobe Acrobat Reader, and Flash Player are prone to a remote code-execution by supplying a malicious Flash (.SWF) file or by embedding a malicious Flash application in a .PDF file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1862 Exploits/Client Side Windows
Safenet SoftRemote IKE Service Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in the Safenet IKE Service (included in several VPN clients) by sending a specially crafted packet to UDP port 62514. CVE-2009-1943 Exploits/Remote Windows
Unisys Business Information Server Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the Unisys Business Information Server by sending a specially crafted packet to the 3989/TCP port. CVE-2009-1628 Exploits/Remote Windows
VLC Media Player RealText Processing Stack Overflow Exploit Update This module exploits a vulnerability in VideoLan Media Player (VLC). A stack-based buffer overflow in the ParseRealText function in the Subtitle demux plugin (modules\demux\subtitle.c) in VLC Media Player 0.9.4 allows remote attackers to execute arbitrary code via a realtext RT media file with a header containing a crafted size value. CVE-2008-5036 Exploits/Client Side Windows
PHPMyAdmin Setup Config Remote Code Execution Exploit Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. CVE-2009-1151 Exploits/Remote Code Execution Solaris, Linux, Mac OS X
Zen Cart record_company Remote Code Execution Exploit Zen Cart is prone to a vulnerability that attackers can leverage to execute arbitrary code. This issue occurs in the 'admin/record_company.php' script. Specifically, the application fails to sufficiently sanitize user-supplied input to the 'frmdt_content' parameter of the 'record_company_image' array. NOCVE-9999-38922 Exploits/Remote Code Execution Linux
Photo DVD Maker PDM Buffer Overflow Exploit Photo DVD Maker contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Photo DVD Maker when handling .PDM files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PDM file. CVE-2009-2375 Exploits/Client Side Windows
Wireshark PROFINET Dissector Format String Exploit Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. CVE-2009-1210 Exploits/Remote Windows
Mozilla Firefox Memory Corruption Exploit Update This module exploits a vulnerability in Mozilla Firefox 3.5 and installs an agent on the target machine. This update adds support to mac os x. CVE-2009-2477 Exploits/Client Side Windows, Mac OS X
Adobe Flash Player SWF Content Exploit This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .SWF file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1862 Exploits/Client Side Windows
Microsoft Windows HTTP Services Credential Reflection Exploit (MS09-013) This module implements the NTLM Relay attack through HTTP Services to install an agent in the target machine. CVE-2009-0550 Exploits/Client Side Windows
AOL Radio IWinAmpActiveX ConvertFile() Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in AOL Radio ActiveX to install an agent. NOCVE-9999-38369 Exploits/Client Side Windows
VLC Media Player SMB URI Handling Buffer Overflow Exploit VLC Media Player is prone to a stack-based buffer-overflow vulnerability when handling playlist files having an overly long SMB URI. CVE-2009-2484 Exploits/Client Side Windows
XOOPS mydirname Remote Code Execution Exploit This module exploits a lack of data sanitization when passed to the "mydirname" parameter in specific modules of XOOP web application. This can be exploited to inject and execute arbitrary PHP code to deploy an agent. Successful exploitation requires that "register_globals" is enabled. NOCVE-9999-38580 Exploits/Remote Solaris, Linux