Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

| Title | Description | Vulnerability | Category | Platform |
| --- | --- | --- | --- | --- |
| CA BrightStor ARCserve Backup Media Server Exploit Update | This module exploits a buffer overflow in the handling of RPC data in the Computer Associates BrightStor ARCserve Backup Media Server service (mediasvr.exe), which is a component of BrightStor ARCserve Backup Tape Engine. This update adds support for Windows 2003 SP1 and SP2, Windows Vista SP1 and Windows XP SP3. | CVE-2007-1785 | Exploits/Remote | Windows |
| Squid Web Proxy Cache HTTP Version Number DoS | This module sends HTTP requests that cause the Squid Web Proxy to stop running. | NOCVE-9999-35968 | Denial of Service/Remote | Linux |
| OtsTurntables OFL Buffer Overflow Exploit | OtsTurntables contains a buffer prone to exploitation via an overly long string. The vulnerability is caused by a boundary error in OtsTurntables when handling .OFL files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .OFL file. | NOCVE-9999-35963 | Exploits/Client Side | Windows |
| Microsoft SQL Server sp_replwritetovarbin Remote Heap Overflow Exploit | This module exploits a heap-based buffer overflow in Microsoft SQL Server by sending a specially crafted SQL query. It has two uses: one as a Remote Exploit, which needs authentication, and another as an SQL Injection Agent installer module, which needs an SQL Agent as a target. | CVE-2008-5416 | Exploits/Remote | Windows |
| Destiny Media Player Playlist Buffer Overflow Exploit | Destiny Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused by a boundary error in Destiny Media Player when handling .LST files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .LST file. | NOCVE-9999-35962 | Exploits/Client Side | Windows |
| Browse3D SFS Buffer Overflow Exploit | The vulnerability is caused by a boundary error within the parsing of .SFS files. This can be exploited to cause a stack-based buffer overflow via a .SFS file with an overly long file string. | NOCVE-9999-35960 | Exploits/Client Side | Windows |
| Client Side Exploits Save Attach Update | This module improves several features for client side exploits. | CVE-2007-2193 | Exploits/Client Side | Windows, Mac OS X, Linux |
| ESET Smart Security EPFW.SYS Privilege Escalation Exploit | This module exploits a vulnerability in the ESET Smart Security EPFW.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. | CVE-2008-5724 | Exploits/Local | Windows |
| mIRC Buffer Overflow Exploit update | The vulnerability is caused by a boundary error in the processing of PRIVMSG IRC messages. This can be exploited to cause a stack-based buffer overflow by tricking a user into connecting to a malicious IRC server. | CVE-2008-4449 | Exploits/Client Side | Windows |
| HP OpenView NNM HTTP Request Stack Overflow Exploit | This module exploits a buffer overflow vulnerability in the Toolbar application, part of the HP OpenView Network Node Manager application. The exploit triggers a stack-based buffer overflow by sending a specially crafted HTTP request to port 3443/TCP or 80/TCP of the vulnerable system and installs an agent if successful. | CVE-2008-0067 | Exploits/Remote | Windows, Solaris |
| Amaya Web Browser BDO HTML TAG Buffer Overflow Exploit | This module exploits a vulnerability caused by boundary errors in Amaya Web Browser within the processing of a BDO HTML tag with an overly long DIR attribute, allowing an attacker to cause a stack overflow in order to execute arbitrary code. | CVE-2008-5282 | Exploits/Client Side | Windows |
| W3C Amaya Web Browser INPUT Tag Buffer Overflow Exploit | Multiple stack buffer overflow vulnerabilities have been discovered in Amaya, which can be exploited by malicious people to compromise a user's system. This module runs a web server waiting for vulnerable clients (W3C Amaya Web Browser) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability. WARNING: This is an early release module. This is not the final version of this module. It is a pre-release version, provided in order to deliver a module that may be useful in some situations to our customers as quickly as possible. Since this module is not the final version, it may contain bugs or have limited functionality and may not have complete or accurate documentation. | NOCVE-9999-35964 | Exploits/Client Side | Windows |
| Microsoft Internet Explorer XML Buffer Overflow Exploit Update | This update improves the reliability of the exploit and adds support for Windows Vista. | CVE-2008-4844 | Exploits/Client Side | Windows |
| VUPlayer M3U Buffer Overflow Exploit | VUPlayer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused by a boundary error in VUPlayer when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. | CVE-2006-6251 | Exploits/Client Side | Windows |
| XMPlay Playlist Files Buffer Overflow Exploit | The vulnerability is caused by a boundary error within the parsing of playlists (.m3u, .pls, and .asx) containing an overly long file name. This can be exploited to cause a stack-based buffer overflow via a specially crafted playlist file. | CVE-2006-6063 | Exploits/Client Side | Windows |
| Microsoft Windows SMB Buffer Underflow Exploit (MS08-063) Update | This update adds support for Microsoft Windows 2000 SP4 Professional, Server, Advanced Server and Windows 2003 SP0 Standard Edition and Enterprise Edition. | CVE-2008-4038 | Exploits/Remote | Windows |
| Cain and Abel RDP Stack Overflow Exploit | This module exploits a vulnerability caused by a boundary error in the processing of RDP files. This can be exploited to cause a stack-based buffer overflow by tricking a user into decoding a specially crafted RDP file. | CVE-2008-5405 | Exploits/Client Side | none |
| BulletProof FTP Client Buffer Overflow Exploit | BulletProof FTP Client contains a buffer prone to exploitation via an overly long string. The vulnerability is caused by a boundary error in BulletProof FTP Client when handling .BPS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .BPS file. | CVE-2008-5754 | Exploits/Client Side | none |
| MSRPC WKSSVC NetpManageIPCConnect Exploit Update 2 | This module exploits a stack buffer overflow in the Workstation Service. This package addresses a compatibility problem when porting the module from version 7.6 to 8.0 of the framework. | CVE-2006-4691 | Exploits/Remote | Windows |
| Openfire Remote Command Injection Exploit | This module exploits a Reflected Cross-Site Scripting vulnerability in Openfire to install an agent. | CVE-2009-0496 | Exploits/Client Side | Windows, Mac OS X, Linux |
| Mozilla Firefox UTF-8 Buffer Overflow Exploit | This module exploits a buffer overflow in Mozilla Firefox when parsing a malformed UTF-8 encoded URL. | CVE-2008-0016 | Exploits/Client Side | Windows, Linux |
| NaviCOPA Web Server Remote Buffer Overflow Exploit | The vulnerability is caused by a boundary error within the handling of HTTP GET requests. This may allow execution of arbitrary code by sending an overly long, specially crafted HTTP GET request to the server. | CVE-2006-5112 | Exploits/Remote | Windows |
| Mac OS X smcFanControl Local Privilege Escalation Exploit | This module exploits a buffer overflow vulnerability in smcFanControl on Apple Mac OS X 10.4.x when the software is installed with setuid root. An attacker can exploit this vulnerability to obtain root privileges. | CVE-2008-6252 | Exploits/Local | Mac OS X |
| Ffdshow URL Processing Buffer Overflow Exploit | This module exploits a buffer overflow in the ffdshow codec when processing a specially crafted, long URL. | CVE-2008-5381 | Exploits/Client Side | Windows |
| WFTPD Server SIZE Command Buffer Overflow Exploit | An internal memory buffer may be overrun while handling a long "SIZE" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the WFTPD Server process. | CVE-2006-4318 | Exploits/Remote | none |
| CesarFTP MKD Command Buffer Overflow Exploit | An internal memory buffer may be overrun while handling long MKD commands. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the CesarFTP process. | CVE-2006-2961 | Exploits/Remote | none |
| Microsoft Works wkimgsrv.dll Memory Corruption Exploit | This module exploits a vulnerability in the wkimgsrv.dll control shipped with Microsoft Works and many Microsoft Office Suites. The exploit is triggered when the WksPictureInterface() method processes a number as an argument, resulting in memory corruption. The WksPictureInterface(), in certain circumstances, points to an invalid memory address that can be controlled to gain code execution. | CVE-2008-1898 | Exploits/Client Side | Windows |
| Microsoft Windows SMB Credential Reflection Exploit (MS08-068) | This module implements the SMB Relay attack to install an agent on the target machine. | CVE-2008-4037 | Exploits/Local | Windows |
| MiniShare HTTP GET Request Buffer Overflow Exploit | The vulnerability is caused by a boundary error in the handling of HTTP "GET" requests. This can be exploited to cause a buffer overflow by sending a specially crafted overly long request with a pathname larger than 1787 bytes. | CVE-2004-2271 | Exploits/Remote | Windows |
| BadBlue HTTP GET Request Buffer Overflow Exploit | The vulnerability is caused by a boundary error in ext.dll when processing an overly long PassThru command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted argument passed to the affected command. | CVE-2007-6377 | Exploits/Remote | Windows |