Core Impact Pro Exploits and Security Updates

Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Titlesort descending Description Vulnerabilty Category Platform
Schneider Electric Accutech Manager Heap Overflow Exploit This module exploits a heap overflow vulnerability in the Schneider Electric Accutech Manager Server by sending a malformed packet to the 2537/TCP port to execute arbitrary code or crash the server. CVE-2013-0658 Exploits/Remote Windows
Schneider Electric Interactive Graphical SCADA System Buffer Overflow Exploit This Stack-based buffer overflow exploits a vulnerability in Schneider Electric's Interactive Graphical SCADA System (IGSS) that allows remote attackers to execute arbitrary code by sending a specially crafted packet to TCP port-12397. CVE-2013-0657 Exploits/Remote Windows
Schneider Electric Multiple Products DTM libraries Buffer Overflow Exploit The vulnerability exists within the isObjectModel ActiveX control's RemoveParameter property in Schneider Electric DTM libraries. CVE-2014-9200 Exploits/Client Side Windows
Schneider Electric OFS Client Buffer Overflow Exploit When a crafted configuration file is parsed by the client, it may cause a buffer overflow allowing the configuration file execute code on the target PC. CVE-2014-0774 Exploits/Client Side Windows
Schneider Electric ProClima MetaDraw ObjLinks Property Exploit The MetaDraw ActiveX control's ObjLinks property can be assigned an attacker-supplied memory address and the control will redirect execution flow to this given memory address. This update add some Av Evasion capabilities CVE-2014-8514 Exploits/Client Side Windows
Schneider Electric Serial Modbus Driver Buffer Overflow Exploit The vulnerability is a buffer overflow in Schneider Electric OPC factory Suite which bundle the vulnerable component Schneider Electric Modbus Serial Driver (ModbusDrv.exe). CVE-2013-0662 Exploits/Remote Windows
Schneider Electric VAMPSET ASCII Argument Heap Overflow Exploit The vulnerability in VAMPSET is caused by opening crafted VAMPSET disturbance recording files with log ASCII argument. This produce a heap overflow vulnerability when this info is copied to a fixed sized buffer in the heap. CVE-2014-8390 Exploits/Client Side Windows
Schneider Electric VAMPSET Channel List Buffer Overflow Exploit The stack overflow vulnerability in VAMPSET is caused by opening crafted VAMPSET disturbance recording files and using Channel List window. The program blindly copies the info of the file without checking the size of this info, overflowing the buffer. CVE-2014-8390 Exploits/Client Side Windows
SDP Downloader ASX Buffer Overflow Exploit SDP Downloader contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in SDP Downloader when handling crafted .ASX files. NOCVE-9999-38080 Exploits/Client Side Windows
Serenity Audio Player Buffer Overflow Exploit Serenity Audio Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Serenity Audio Player when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. CVE-2009-4097 Exploits/Client Side Windows
Serv-U Web Client HTTP Request Remote Buffer Overflow Exploit This module exploits a stack overflow in Serv-U Web Client by sending a specially crafted POST request. CVE-2009-4873 Exploits/Remote Windows
Serva TFTPD Service Large Read Requests Parsing DoS The Serva32 TFTPD service is vulnerable to a buffer overflow vulnerability when parsing large read requests. When the application reads in a large buffer the application crashes. CVE-2013-0145 Denial of Service/Remote Windows
Serva32 HTTP Server GET command DoS Serva32 is prone to a denial of service vulnerability when handling malformed GET commands. NOCVE-9999-48334 Denial of Service/Remote Windows
Shadow Stream Recorder Buffer Overflow Exploit Shadow Stream Recorder is prone to a remote stack-based buffer-overflow vulnerability because the applications fail to perform adequate boundary checks on user-supplied input. NOCVE-9999-52135 Exploits/Client Side Windows
SIDVault LDAP Server Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the LDAP service (sidvault.exe) of the SIDVault LDAP application. The exploit triggers a stack-based buffer overflow by sending a specially crafted packet to port 389/TCP of the vulnerable system and installs an agent if successful. CVE-2007-4566 Exploits/Remote Windows
SIELCO SISTEMI Winlog Malformed Packet Stack Buffer Overflow Exploit Stack-based buffer overflow in Sielco Sistemi Winlog when Run TCP/IP server is enabled, allows remote attackers to execute arbitrary code via a crafted 0x02 opcode to TCP port 46823. CVE-2011-0517 Exploits/Remote Windows
Siemens SIMATIC WinCC SCADA RegReader ActiveX Buffer Overflow Exploit An unspecified error in the RegReader ActiveX control can be exploited to cause a buffer overflow. CVE-2013-0676 Exploits/Client Side Windows
SIEMENS Solid Edge SEListCtrlX ActiveX Memory Write Exploit Siemens Solid Edge SEListCtrlX ActiveX control is prone to an arbitrary memory write vulnerability because the application fails to perform adequate boundary checks on user-supplied data. NOCVE-9999-58736 Exploits/Client Side Windows
Siemens Tecnomatix FactoryLink CSService Buffer Overflow Exploit A vulnerability found on Siemens FactoryLink vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message, causing a stack overflow. NOCVE-9999-48567 Exploits/Remote Windows
Silo wintab32 DLL Hijacking Exploit Silo is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .SIB file. NOCVE-9999-45972 Exploits/Client Side Windows
Simple Web Server GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Simple Web Server when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-53352 Exploits/Remote Windows
SiSoftware Sandra dwmapi DLL Hijacking Exploit SiSoftware Sandra is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .SIS file. NOCVE-9999-46099 Exploits/Client Side Windows
Sketchup MAC Pict Material Palette Stack Corruption Exploit Sketchup fails to validate the input when parsing an embedded MAC Pict texture, leading to an arbitrary stack offset overwrite and finally to an arbitrary code execution. CVE-2013-3664 Exploits/Client Side Windows
Skype Extras Manager ActiveX Exploit This module exploits a buffer overflow vulnerability in the Extras Manager ActiveX Control included in Skype. This bug is currently being exploited in the wild. CVE-2009-4741 Exploits/Client Side Windows
SlimFTPd LIST Command Remote Buffer Overflow Exploit SlimFTPd server is prone to a stack buffer overflow when sending a LIST command with an overly-long argument. The attacker needs to be authenticated, so a successful login is required for the exploit to work. CVE-2005-2373 Exploits/Remote Windows
SMB MS05-027 DoS By sending a specially crafted SMB packet, this exploit performs a Denial of Service attack on the target machine. CVE-2005-1206 Denial of Service/Remote Windows
SMB Relay Update This update add support to a new method to bypass SMB signing when doing a SMB relay attack. CVE-2008-4037 Exploits/Tools Windows
SNMPc Trap Packet Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the SNMPc Network Manager by sending a specially crafted Trap packet with a long Community String to the UDP port 164 and installs an agent if successful. CVE-2008-2214 Exploits/Remote Windows
SNORT SMB Fragmentation Buffer Overflow exploit This module exploits a stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Snort process. CVE-2006-5276 Exploits/Remote Linux, FreeBSD
SNORT SMB Fragmentation Buffer Overflow Exploit Update This module exploits a stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Snort process. This update adds support for Redhat Enterprise Linux 4 and FreeBSD 6.2 on Impact 7.5 CVE-2006-5276 Exploits/Remote Linux, FreeBSD