Core Impact Pro Exploits and Security Updates
When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.
Use the controls below to navigate Core Impact exploits and other modules.
Title |
Description | Vulnerabilty | Category | Platform |
|---|---|---|---|---|
| PHP-CGI Argument Injection Exploit Update | This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution. This update adds support for FreeBSD, OpenBSD, RedHat and Windows platforms. | CVE-2012-1823 | Exploits/Remote | Windows, OpenBSD, Linux, FreeBSD |
| Phpldapadmin orderby Remote Code Execution Exploit | Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to "query_engine", "query" is set to "none", and "search" is set to e.g. "1") is not properly sanitised in lib/functions.php before being used in a "create_function()" function call. This can be exploited to inject and execute arbitrary PHP code. | CVE-2011-4075 | Exploits/Remote | Linux, Mac OS X |
| Phpmyadmin error BBcode Injection Exploit | In error.php, PhpMyAdmin permits users to insert text and restricted tags (like BBCode). With the tag [a@url@page]Click Me[/a] you can insert your own page, and redirect all users to that page. This can be used to direct users to a page hosting an OS agent. | NOCVE-9999-46190 | Exploits/Client Side | Linux, Windows, Mac OS X |
| phpMyAdmin Post Auth Remote Code Exploit | phpMyAdmin is prone to a regexp abuse via an eval modifier which can be found in old PHP versions. This vulnerability allows authenticated attackers to run arbitrary php code on the affected server. PHP versions 4.3.0-5.4.6 had a "feature" which allowed users to run a RegExp Pattern Modifier using PREG_REPLACE_EVAL and may lead to execute code. phpMyAdmin had an issue in their code that can be exploited from a table replace call. The general idea is to insert a crafted regexp eval record format, and then trigger it via a find and replace function with system commands For that purpose, the exploit will try to use any existing cookies of that host, or the username and password provided. Once logged in, if the user provided a database, it will be used. If not, we will search for existing databases. The attack will not leave any trace. This exploit installs an OS Agent. | CVE-2016-5734 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
| PHPMyAdmin Replace Table Prefix Remote Code Execution Exploit | This module abuses a vulnerability in phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 that allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. | CVE-2013-3238 | Exploits/Remote | Linux |
| PHPMyAdmin Server_databases Remote Code Execution Exploit | This module exploits a vulnerability in PHPMyAdmin. server_databases.php fails when it attemps to sanitize the sort_by parameter. It allows an attacker to inject code, and execute it on the web server with www-data privileges. | CVE-2008-4096 | Exploits/Remote | Linux |
| Phpmyadmin Server_databases Remote Code Execution Exploit Update | This updates provides more readable log messages when specific errors occur and improves the reliability of the exploit. | CVE-2008-4096 | Exploits/Remote | Linux |
| PHPMyAdmin Setup Config Remote Code Execution Exploit | Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | CVE-2009-1151 | Exploits/Remote Code Execution | Solaris, Linux, Mac OS X |
| PHPMyAdmin Setup Config Remote Code Execution Exploit Update | This update adds support for Solaris and Mac OS X platforms. | CVE-2009-1151 | Exploits/Remote | Solaris, Linux, Mac OS X |
| PhpMyAdmin Unserialize Remote Code Execution Exploit | phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default. | CVE-2009-4605 | Exploits/Remote | Windows, Solaris, Linux, Mac OS X |
| PhpMyAdmin Unserialize Remote Code Execution Exploit Update | phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default. This update adds support for Solaris and Mac OS X. | CVE-2009-4605 | Exploits/Remote | Windows, Solaris, Linux, Mac OS X |
| phpScheduleit 1.2.10 Remote Code Execution Exploit | Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. | CVE-2008-6132 | Exploits/Remote | Windows, Linux |
| phpScheduleit 1.2.10 Remote Code Execution Exploit Update | Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. This update adds support for the Solaris and FreeBSD platforms. | CVE-2008-6132 | Exploits/Remote | Windows, Solaris, Linux, FreeBSD |
| Pidgin MSNSLP Arbitrary Write Exploit | The vulnerability is caused due to boundary errors in libpurple.dll within the processing of MSNSLP messages. This can be exploited to cause a stack-based buffer overflow without user interaction. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. | CVE-2009-2694 | Exploits/Client Side | Windows, Linux |
| Pidgin MSNSLP Arbitrary Write Exploit Update | The vulnerability is caused due to boundary errors in libpurple.dll within the processing of MSNSLP messages. This can be exploited to cause an arbitrary write without user interaction. This module updates the MSN library, because of minor changes in the handling of the HTTP encapsulation of the MSN protocol within the Microsoft MSN server. | CVE-2009-2694 | Exploits/Client Side | Windows, Linux |
| PineApp Mail-SeCure ldapsynchnow.php Remote Code Execution Exploit | This module exploits a vulnerability present in PineApp Mail-SeCure. The specific flaw exists within the component ldapsynchnow.php, which lacks proper sanitization, thus allowing command injection. | NOCVE-9999-59234 | Exploits/Remote | Linux |
| Pixia wintab32 DLL Hijacking Exploit | Pixia is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder as a .PXA file. The attacker must entice a victim into opening a specially crafted .PXA file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code. | NOCVE-9999-47043 | Exploits/Client Side | Windows |
| PKZIP dwmapi DLL Hijacking Exploit | PKZIP is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .ZIPX file. | NOCVE-9999-46108 | Exploits/Client Side | Windows |
| Plone popen2 Remote Command Execution Exploit | This module exploits a remote command execution vulnerability in the Zope web application server used by Plone, by sending a specially crafted HTTP request to the affected web site. The vulnerability exists because it is possible to remotely invoke the popen2 function from the Python os package with arbitrary arguments in the context of the affected server. This can be exploited by remote unauthenticated attackers to execute arbitrary code on the vulnerable machine. | CVE-2011-3587 | Exploits/Remote | Linux, FreeBSD |
| Pointdev IDEAL Administration IPJ Buffer Overflow Exploit | This module exploits a vulnerability in Pointdev IDEAL Administration, when importing a project file, may allow a remote unprivileged user who provides a crafted IPJ document that is opened by a local user to execute code on the system with the privileges of the user running Pointdev IDEAL Administration. This can be exploited to cause a stack based buffer overflow when a specially crafted file is imported. | NOCVE-9999-48212 | Exploits/Client Side | Windows |
| Pointdev IDEAL Migration IPJ Buffer Overflow Exploit | Pointdev IDEAL Migration is prone to a stack-based buffer-overflow vulnerability because the applications fail to perform adequate boundary checks on user-supplied data, when handling .IPJ files. | NOCVE-9999-44427 | Exploits/Client Side | Windows |
| PolicyKit pkexec Race Condition Exploit | This module exploits a local race-condition vulnerability in PolicyKit, which allows local users to execute arbitrary code with root privileges. | CVE-2011-1485 | Exploits/Local | Linux |
| POODLE TLS1.x to SSLv3 Downgrading Vulnerability Exploit | This module exploits a vulnerability in Internet Explorer 10/11 by downgrading the encryption from TLS 1.x to SSLv3. After that, part of the encrypted text plain will be decrypted. | CVE-2014-3566 | Exploits/Tools | Windows |
| POP Peeper UIDL Buffer Overflow Exploit | The POP Peeper client is vulnerable to a remote buffer overflow vulnerability. This vulnerability is exploitable as a client side attack. A vulnerable POP Peeper user must connect to a server created by IMPACT Pro and attempt to retrieve mail in order for IMPACT Pro to exploit the vulnerable agent and deploy and agent on the users machine. | NOCVE-9999-36822 | Exploits/Client Side | Windows |
| Postgres Plus Advanced Server DBA Management Server Remote Code Execution Exploit | The DBA Management Server component of EnterpriseDB Postgres Plus Advanced Server does not restrict access to the underlying JBoss JMX Console. This can be abused by remote, unauthenticated attackers to execute arbitrary code on the vulnerable server. | NOCVE-9999-47537 | Exploits/Remote Code Execution | Windows, Linux |
| Power Tab Editor PTB Buffer Overflow Exploit | Power Tab Editor is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data when handling .PTB files. | CVE-2010-2311 | Exploits/Client Side | Windows |
| pPim Remote File Inclusion Exploit | This module exploits a vulnerability in pPIM's upload.php script that allows attackers to upload arbitrary scripts of any type to the target server. | NOCVE-9999-36557 | Exploits/Remote File Inclusion/Known Vulnerabilities | none |
| Procyon Core Server HMI Scada Coreservice Buffer Overflow Exploit | Vulnerability in the coreservice.exe component of Procyon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a buffer on the stack. This causes a buffer overflow and allows it to overwrite a structured exception handling record, allowing for unauthenticated remote code execution. | CVE-2011-3322 | Exploits/Remote | Windows |
| Procyon Core Server HMI Scada Coreservice Buffer Overflow Exploit Update | Vulnerability in the coreservice.exe component of Procyon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a buffer on the stack. This causes a buffer overflow and allows it to overwrite a structured exception handling record, allowing for unauthenticated remote code execution. This version updates runtime value to the appropriate for this case. | CVE-2011-3322 | Exploits/Remote | Windows |
| Proface GP Pro EX Buffer Overflow Exploit | The specific flaw exists within BeginPreRead() processing. When handling malformed 0x7f77 type fields. | NOCVE-9999-74950 | Exploits/Client Side | Windows |