Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates
When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.
Use the controls below to navigate Core Impact exploits and other modules.
Title |
Description | Vulnerabilty | Category | Platform |
|---|---|---|---|---|
| Oracle Outside In XPM Image Processing Buffer Overflow Exploit | A Buffer Overflow exists in the Oracle Outside SDK when the XPM image processing method does not properly validate the length of chars_per_pixel string within XPM images. This suite is used for 3rd party applications like Quick View Plus. | CVE-2012-0554 | Exploits/Client Side | Windows |
| Oracle Secure Backup Authentication Bypass-Command Injection Exploit | This module exploits an authentication bypass in the login.php in vulnerable versions of Oracle Secure Backup in order to execute arbitrary code via command injection parameters. | CVE-2010-0904 | Exploits/Remote | Windows, Solaris |
| Oracle Secure Backup Command Injection Exploit | This module exploits a command injection error in the Oracle Secure Backup Administration server. | CVE-2008-5449 | Exploits/Remote | Windows, Linux |
| Oracle Secure Backup NDMP_CONNECT_CLIENT_AUTH Buffer Overflow Exploit | This module exploits a vulnerability in Oracle Secure Backup when sending a specially crafted NDMP_CONNECT_CLIENT_AUTH packet. | CVE-2008-5444 | Exploits/Remote | Windows |
| Oracle Secure Backup NDMP_CONNECT_CLIENT_AUTH Buffer Overflow Exploit Update | This module exploits a vulnerability in Oracle Secure Backup when sending a specially crafted NDMP_CONNECT_CLIENT_AUTH packet. This update improves exploit reliability and adds a ndmp library for ndmp based exploits. | CVE-2008-5444 | Exploits/Remote | Windows |
| Oracle Secure Backup Remote Command Execution Exploit | This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port 443. The script login.php does not properly sanitize the 'username' variable before using it in a database query. A specially crafted 'username' allows unauthorized attackers to log in with full administrative capabilities. | CVE-2009-1977 | Exploits/Remote Code Execution | Windows, Solaris |
| Oracle Secure Backup Remote Command Execution Exploit Update | This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port 443. The script login.php does not properly sanitize the 'username' variable before using it in a database query. A specially crafted 'username' allows unauthorized attackers to log in with full administrative capabilities. This update adds Solaris support. | CVE-2009-1977 | Exploits/Remote Code Execution | Windows, Solaris |
| Oracle VirtualBox 3D Acceleration Virtual Machine Escape Exploit | The code that implements 3D acceleration for OpenGL graphics in Oracle VirtualBox is prone to multiple memory corruption vulnerabilities. An attacker running code within a Guest operating system can exploit these vulnerabilities in order to escape from the virtual machine and execute arbitrary code on the Host operating system. | CVE-2014-0981 | Exploits/Local | Windows |
| Oracle VirtualBox Guest Additions Arbitrary Write Local Privilege Escalation Exploit | The Oracle VirtualBox Guest Additions Driver (VBoxGuest.sys) present in Oracle VirtualBox is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x22A040) to the vulnerable driver within the Windows Guest OS. | CVE-2014-2477 | Exploits/Local | Windows |
| Oracle VirtualBox VBoxSF.sys IOCTL_MRX_VBOX_DELCONN Privilege Escalation Exploit | The VBoxSF.sys driver is a component of VirtualBox Guest Additions, which is in charge of providing the 'Shared Folders' feature offered by Oracle VirtualBox. This driver doesn't properly validate a pointer when handling the IOCTL_MRX_VBOX_DELCONN IoControl. This allows an unprivileged user in a Windows Guest OS with VirtualBox Guest Additions installed to gain SYSTEM privileges within the Guest OS. | CVE-2014-0405 | Exploits/Local | Windows |
| Oracle VM Server Virtual Server Agent Command Injection Exploit | By including shell meta characters within the second parameter to the 'urt_test_url' XML-RPC methodCall, an attacker can execute arbitrary commands. The service typically runs with root privileges. | CVE-2010-3585 | Exploits/Remote | Linux |
| Oracle Web Logic IIS JSESSIONID Buffer Overflow Exploit | This module exploits a vulnerability in Oracle WebLogic IIS Connector when sending a specially crafted POST message with a specially JSESSIONID cookie. | CVE-2008-5457 | Exploits/Remote | Windows |
| Oracle WebCenter Content CheckOutAndOpen ActiveX openWebdav Arbitrary File Code Execution Exploit | Oracle WebCenter Content is prone to a Remote File Execution vulnerability within the CheckOutAndOpen.dll ActiveX when using openWebdav method. By specifying a constructed path an attacker can force the contents of the file to be passed to ShellExecuteExW, thus being able to execute arbitrary files. The payload is embedded on a VBS file which is automatically executed when a HTA file is requested through Webdav. | CVE-2013-1559 | Exploits/Client Side | Windows |
| Oracle WebLogic Server Apache Connector Exploit | Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). | CVE-2008-3257 | Exploits/Remote | Windows, AIX |
| Oracle WebLogic Server Apache Connector Exploit Update | Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). The target path used when launching this module against an Apache Server must be handled by the Apache Connector or the exploit will not succeed. This update changes the default connection method for the module. | CVE-2008-3257 | Exploits/Remote | Windows, AIX, Linux |
| Oracle WebLogic Server commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit | Oracle WebLogic Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. | NOCVE-9999-74931 | Exploits/Remote | Windows |
| Oracle WebLogic Server commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit Update | Oracle WebLogic Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. This update add proper CVE number and more supported platforms. | CVE-2015-4852 | Exploits/Remote | Solaris, Windows, Linux |
| OracleDB AUTH_SESSKEY Remote Buffer Overflow Exploit | This module exploits a vulnerability in the Oracle Database Server. The vulnerability is triggered when the server processes a long string inside the AUTH_SESSKEY property resulting in a stack-based buffer overflow. | CVE-2009-1979 | Exploits/Remote | Windows |
| OracleDB AUTH_SESSKEY Remote Buffer Overflow Exploit Update | This module exploits a vulnerability in the Oracle Database Server. The vulnerability is triggered when the server processes a long string inside the AUTH_SESSKEY property resulting in a stack-based buffer overflow. This update adds support for Windows 2003 SP2 and Oracle 10.2.0.4. | CVE-2009-1979 | Exploits/Remote | Windows |
| OracleDB CSA Remote Code Execution Exploit | This module exploits a vulnerability in the Client System Analyzer component of the Oracle Database Server. | CVE-2010-3600 | Exploits/Remote | Windows, Linux |
| OracleDB CSA Remote Code Execution Exploit AV Evasion Update | This update updates AV evasion for OracleDB CSA Remote Code Execution Exploit module. | CVE-2010-3600 | Exploits/Remote | Windows, Linux |
| OracleDB DBMS AW.EXECUTE CDA Command Remote Stack Overflow Exploit | Oracle Database Server Core RDBMS component is prone to a remote vulnerability that allows attackers to exploit a stack-based buffer overflow in the EXECUTE procedure of DBMS_AW. Using an overly long parameter in the CDA command with the previous procedure, a stack-based buffer overflow will occur, overwriting the saved return address. This module requires database user credentials with 'Create Session' privilege. | CVE-2014-6567 | Exploits/Remote | Windows |
| OracleDB DBMS AW.EXECUTE CDA Command Remote Stack Overflow Exploit Update | Oracle Database Server Core RDBMS component is prone to a remote vulnerability that allows attackers to exploit a stack-based buffer overflow in the EXECUTE procedure of DBMS_AW. Using an overly long parameter in the CDA command with the previous procedure, a stack-based buffer overflow will occur, overwriting the saved return address. This module requires database user credentials with 'Create Session' privilege. This update fixes a variable referenced before assignment bug. | CVE-2014-6567 | Exploits/Remote | Windows |
| OracleDB sys_context Remote Stack Overflow Exploit | A buffer overflow vulnerability was found in the SYS_CONTEXT procedure in Oracle Database Server allows a valid database user to execute arbitrary code. The vulnerability can be exploited by any valid database user with CONNECT privileges. The buffer overflow can then be exploited by calling the SYS_CONTEXT() function. This module has two uses: One as a Remote Exploit, which needs authentication, and another as an SQL Injection OS Agent installer module, which needs an Oracle SQL Agent as a target. | CVE-2004-1364 | Exploits/Remote | Linux |
| OracleDB TNS Listener Remote Poisoning Vulnerability Exploit | Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application. This module tries to verify if the vulnerability is present in the 'TNS Listener' component of the database server, without deploying an agent. If a database instance name is supplied, it will be used to check for the vulnerability against the TNS listener of the target, but this could affect future client connections, as long as the module is running. If no database instance name is supplied, the module will try to register a random name. | CVE-2012-1675 | Exploits/Remote | Windows, Linux |
| Orbit Downloader Connecting Log Message Buffer Overflow Exploit | The application is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when the application creates a 'Connecting' log message. An attacker can exploit this issue by enticing a vulnerable user into connecting to a malicious HTTP server or opening a specially crafted URI that contains an excessively long hostname. | CVE-2009-0187 | Exploits/Client Side | Windows |
| Orbit Downloader Download Failed Exploit | Orbit Downloader is vulnerable to a buffer overflow attack, which can be exploited by malicious remote attackers to execute arbitrary code. The vulnerability is due to Orbit not properly converting an URL ASCII string to UNICODE. This can be exploited to execute arbitrary code by downloading a file from a specially crafted URL. | CVE-2008-1602 | Exploits/Client Side | Windows |
| Orbital Viewer .ORB Buffer Overflow Exploit | Orbital Viewer is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. | CVE-2010-0688 | Exploits/Client Side | Windows |
| osCommerce Arbitrary File Upload Exploit | osCommerce Online Merchant 2.2 RC2a is vulnerable to an Arbitrary File Upload without the need to be authenticated. This leads to arbitrary PHP code execution in the context of the webserver. This module tries to install a RFI agent if the Web Application is vulnerable. It will fail if the webserver is not allowed to write on the document root of the vulnerable web application. | NOCVE-9999-40096 | Exploits/Remote File Inclusion/Known Vulnerabilities | none |
| OtsTurntables OFL Buffer Overflow Exploit | OtsTurntables contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in OtsTurntables when handling .OFL files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .OFL file. | NOCVE-9999-35963 | Exploits/Client Side | Windows |