Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Titlesort ascending Description Vulnerabilty Category Platform
Disk Sorter Enterprise Login Buffer Overflow Exploit Disk Savvy server is prone to a buffer-overflow vulnerability when handling a crafted GET request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges. NOCVE-9999-84592 Exploits/Remote Windows
Disk Pulse Server GetServerInfo Request Buffer Overflow Exploit Update A vulnerability exists in the way Disk Pulse Server v2.2.34 process a remote clients "GetServerInfo" request.The vulnerability is caused due to a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9120. This update correct typo. NOCVE-9999-45456 Exploits/Remote Windows
Disk Pulse Server GetServerInfo Request Buffer Overflow Exploit A vulnerability exists in the way Disk Pulse Server v2.2.34 process a remote clients "GetServerInfo" request.The vulnerability is caused due to a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9120. NOCVE-9999-45456 Exploits/Remote Windows
Disk Pulse Enterprise Server POST Request Buffer Overflow Exploit Disk Pulse server is prone to a buffer-overflow vulnerability when handling a crafted POST request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM priviledges. NOCVE-9999-80600 Exploits/Remote Windows
DirectX Media SDK Exploit Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value. CVE-2007-4336 Exploits/Client Side Windows
Diamond Programmer XCF File Processing Buffer Overflow Exploit Diamond Programmer is prone to a buffer-overflow when handling specially crafted XCF files with an overly long string. CVE-2012-2614 Exploits/Client Side Windows
DHCP Server with Bash Variables Injection Exploit This update includes a module implementing a DHCP server that'll attack querying hosts using the GNU Bash Environment Variables Injection vulnerability. CVE-2014-6271 Exploits/Tools Linux
Destiny Media Player Playlist Buffer Overflow Exploit Destiny Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Destiny Media Player when handling .LST files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .LST file. NOCVE-9999-35962 Exploits/Client Side Windows
Dell Webcam CrazyTalk4Native.dll ActiveX Buffer Overflow Exploit The CrazyTalk4Native.dll bundled with Dell Webcam Central is prone to a buffer overflow which is exploited by this module. NOCVE-9999-51753 Exploits/Client Side Windows
Debian OpenSSL Predictable Random Number Generation Exploit Update 2 This module exploits the random number generator in Debian's OpenSSL package being predictable. This vulnerability is used to generate SSH keys and to install an agent into the target host. The exploit will generate the complete vulnerable keyspace, and will try to log as the provided user. If the user is root, the agent will have superuser capabilities. This update improves exploit performance when used through Network Attack and Penetration RPT. CVE-2008-0166 Exploits/Remote Linux
Debian OpenSSL Predictable Random Number Generation Exploit Update This module exploits the random number generator in Debian's OpenSSL package being predictable. This vulnerability is used to generate SSH keys and to install an agent into the target host. This update contains: -Corrections of some documentation issues. -Performance optimizations. -New parameter for user's preferences. CVE-2008-0166 Exploits/Remote Linux
Debian OpenSSL Predictable Random Number Generation Exploit This module exploits the random number generator in Debian's OpenSSL package being predictable. This vulnerability is used to generate SSH keys and to install an agent into the target host. CVE-2008-0166 Exploits/Remote Linux
DCERPC Authentication and Encryption support This update will add DCERPC encryption to some MSRPC exploits. The result is that, when enabled, all the 'Stub data' for DCERPC requests will be encrypted, thus hiding the real content. CVE-2005-1985 Exploits/Remote Windows
dBpowerAMP Audio Player Buffer Overflow Exploit The vulnerability is caused due to boundary errors in dBpowerAMP within the processing of M3U files. dBpowerAMP fails to check the length of the string in M3U playlist archives, allowing an attacker to cause a stack overflow in order to execute arbitrary code. CVE-2008-0661 Exploits/Client Side Windows
DAZ Studio Script Exploit This module abuses the scripting functionality in DAZ Studio to trigger remote code execution via a DAZ Script file. NOCVE-9999-39875 Exploits/Client Side Windows, Mac OS X
DATAC RealWin STARTPROG Buffer Overflow Exploit DATAC RealWin is prone to a buffer overflow vulnerability when handling On_FC_SCRIPT_FCS_STARTPROG packets with an overly long string. CVE-2011-1563 Exploits/Remote Windows
DATAC RealWin SCADA Server Remote Stack Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in RealWin SCADA Server. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/910. CVE-2008-4322 Exploits/Remote Windows
DATAC RealWin SCADA Server Login Buffer Overflow Exploit DATAC Realwin is prone to a buffer-overflow when processing On_FC_CONNECT_FCS_LOGIN packets with an overly long user name. CVE-2011-1563 Exploits/Remote Windows
DATAC RealWin Packet Processing Buffer Overflow Exploit DATAC RealWin is prone to a buffer overflow vulnerability. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/912. CVE-2010-4142 Exploits/Remote Windows
DATAC RealWin ADDTAGMS Buffer Overflow Exploit DATAC RealWin is prone to a buffer overflow vulnerability when handling On_FC_CTAGLIST_FCS_ADDTAGMS packets with an overly long string. CVE-2011-1563 Exploits/Remote Windows
Dassault Systemes Catia CATV5_Backbone_Bus Buffer Overflow Exploit A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer. The copying procedure stops when a null byte is found and no size check is proceeded. NOCVE-9999-62708 Exploits/Remote Windows
DameWare Mini Remote Control Username Exploit This module exploits a vulnerability in DameWare Mini Remote Control by sending a specially crafted packet to port 6129/TCP. CVE-2005-2842 Exploits/Remote Windows
DameWare Mini Remote Control Pre Auth Exploit This module exploits a vulnerability in the DameWare Mini Remote Control Service sending a specially crafted packet to the 6129/TCP port. CVE-2003-1030 Exploits/Remote Windows
Daemon Tools Lite mfc80loc DLL Hijacking Exploit Daemon Tools Lite is prone to a vulnerability that may allow execution of MFC80LOC.DLL if this dll is located in the same folder than .MDS file. NOCVE-9999-45004 Exploits/Client Side Windows
D-Link TFTP Transporting Mode Buffer Overflow Exploit D-Link TFTP Server 1.0 allows remote attackers to cause a buffer overflow via a long GET request, which triggers the vulnerability. CVE-2007-1435 Exploits/Remote Windows
Cytel StatXact Cytel Studio Buffer Overflow Exploit This module exploits a vulnerability in Cytel StatXact. The vulnerability is caused due to boundary error within the processing of .CY3 project files. This can be exploited to cause a stack-based buffer overflow when a specially crafted .CY3 file is opened. NOCVE-9999-49645 Exploits/Client Side Windows
Cytel LogXact Cytel Studio Buffer Overflow Exploit Cytel LogXact are vulnerable to a buffer overflow vulnerability during the copying of the strings in a stack buffer of 256 bytes. NOCVE-9999-49644 Exploits/Client Side Windows
CYME ChartFX Client Server ActiveX Control Exploit The vulnerability is caused due to an indexing error in the ShowPropertiesDialog()method inside the ChartFX.ClientServer.Core.dll ActiveX Control. This can be exploited to write a single byte value to an arbitrary memory location via the pageNumber parameter. NOCVE-9999-55501 Exploits/Client Side Windows
CyberLink Power2Go P2G Name Attribute Buffer Overflow Exploit A stack-based buffer overflow in CyberLink Power2Go allows an attacker to execute arbitrary code via an overly long name attribute in a .P2G file. NOCVE-9999-52040 Exploits/Client Side Windows
CyberLink Power2Go dwmapi DLL Hijacking Exploit Update CyberLink Power2Go is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .P2G file. NOCVE-9999-46014 Exploits/Client Side Windows