Exploits and Security Updates to Core Impact Threat Intelligence

Exploits and Security Updates to Core Impact Threat Intelligence

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Titlesort descending Description Vulnerabilty Category Platform
SMB Relay Update This update add support to a new method to bypass SMB signing when doing a SMB relay attack. CVE-2008-4037 Exploits/Tools Windows
SNMPc Trap Packet Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the SNMPc Network Manager by sending a specially crafted Trap packet with a long Community String to the UDP port 164 and installs an agent if successful. CVE-2008-2214 Exploits/Remote Windows
SNORT SMB Fragmentation Buffer Overflow exploit This module exploits a stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Snort process. CVE-2006-5276 Exploits/Remote Linux, FreeBSD
SNORT SMB Fragmentation Buffer Overflow Exploit Update This module exploits a stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Snort process. This update adds support for Redhat Enterprise Linux 4 and FreeBSD 6.2 on Impact 7.5 CVE-2006-5276 Exploits/Remote Linux, FreeBSD
SNORT SMB Fragmentation Buffer Overflow Exploit Update 2 This module exploits a stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Snort process. This update improves the reliability for Redhat Enterprise Linux 4 and FreeBSD 6.2 on Impact 8.0 CVE-2006-5276 Exploits/Remote Linux, FreeBSD
Solar FTP Server DoS Solar FTP Server is prone to a Denial of Service condition. It fails to properly sanitize user-supplied input with a specially crafted "USER" command, a remote attacker can potentially disable the FTP service. NOCVE-9999-47271 Denial of Service/Remote Windows
Solaris ICMP Packet Remote DoS This module exploits a vulnerability in Solaris 10. The vulnerability is caused due to the improper handling of ICMP packets by the Solaris Operating System. CVE-2007-0634 Denial of Service/Remote Solaris
Solaris LD_AUDIT exploit This module exploits a vulnerability in the Solaris Runtime Linker using the unsafe environment variable LD_AUDIT. CVE-2005-2072 Exploits/Local Solaris
Solaris LD_AUDIT Privilege Escalation Exploit Update This module exploits a vulnerability in the Solaris Runtime Linker using the unsafe environment variable LD_AUDIT. This module exploits the vulnerability and installs an agent with root privileges. This update resolves an issue where the module could erroneously install agents in non-vulnerable systems. CVE-2005-2072 Exploits/Local Solaris
SolarWinds Application Monitor Pepco32c ActiveX Exploit The vulnerability is caused due to an error when handling the "PEstrarg1" member within pepco32c.ocx. NOCVE-9999-60564 Exploits/Client Side Windows
SolarWinds Application Monitor TSUnicodeGraphEditorControl factory Buffer Overflow Exploit The specific flaw exists within the 'factory' object's loadExtensionFactory method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. CVE-2015-1500 Exploits/Client Side Windows
SolarWinds Application Monitor TSUnicodeGraphEditorControl factory Buffer Overflow Exploit Update The specific flaw exists within the 'factory' object's loadExtensionFactory method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. This version add x86_64 support. CVE-2015-1500 Exploits/Client Side Windows
SolarWinds Application Monitor TSUnicodeGraphEditorControl factory Buffer Overflow Exploit Update 2 The specific flaw exists within the 'factory' object's loadExtensionFactory method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. This version add x86_64 support. CVE-2015-1500 Exploits/Client Side Windows
Solarwinds DameWare Mini Remote Control Server Privilege Escalation Exploit A certain message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfw(). CVE-2016-2345 Exploits/Local Windows
SolarWinds Firewall Security Manager userlogin Exploit Solarwinds FSM is vulnerable to an authentication bypass in userlogin.jsp that allows attacker to upload an agent via a weekness in the username atribute in settings-new.jsp allowing us to install an agent. CVE-2015-2284 Exploits/Remote Windows
Solarwinds LEM Management Virtual Appliance Shell Escape OS Command Injection Exploit Insufficient input validation in the management interface of Solarwinds LEM Management Virtual Appliance v6.3.1 can be leveraged in order to execute arbitrary commands. This can lead to shell access to the underlying operating system as root. NOCVE-9999-92480 Exploits/Remote Linux
SolarWinds Network Configuration Manager Pesgo32c PEstrarg1 Heap Overflow Exploit The vulnerability is caused due to a boundary error when handling the PEstrarg1 property and can be exploited to cause a heap overflow by assigning an overly long string to this property. CVE-2014-3459 Exploits/Client Side Windows
SolarWinds Storage Manager Server SQL Injection Authentication Bypass Exploit This module exploits a vulnerability in the SolarWinds Storage Manager Server. The LoginServlet page available on port 9000 is vulnerable to SQL injection via the loginName field. An attacker can send a specially crafted username and execute arbitrary SQL commands leading to remote code execution. NOCVE-9999-51501 Exploits/Remote Windows
Solarwinds TFTP Read Request DoS This exploit shutdown the Solarwinds TFTP server, sending a crafted Read Request to the affected port. CVE-2010-2115 Denial of Service/Remote Windows
Solarwinds Virtualization Manager Java JMX-RMI Remote Code Execution Exploit The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. CVE-2016-3642 Exploits/Remote Linux
SolidWorks Workgroup PDM 2014 Opcode 2001 Remote Code Execution Exploit A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer without boundary check leading to overwrite the SEH and the return address. The copying procedure stops when a null word is found and no size check is proceeded. NOCVE-9999-65834 Exploits/Remote Windows
SolidWorks Workgroup PDM 2014 Opcode 2001 Remote Code Execution Exploit Update A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer without boundary check leading to overwrite the SEH and the return address. The copying procedure stops when a null word is found and no size check is proceeded. NOCVE-9999-65834 Exploits/Remote Windows
Sony Sound Forge Pro MtxParhVegasPreview DLL Hijacking Exploit Sony Sound Forge Pro is prone to a vulnerability that may allow the execution of any library file named MtxParhVegasPreview.dll, if this dll is located in the same folder as a .SFW file. The attacker must entice a victim into opening a specially crafted .SFW file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code. NOCVE-9999-47140 Exploits/Client Side Windows
Sophos AntiVirus PDF Key Lenght Vulnerability Exploit A Buffer Overflow exist in Sophos Antivirus when parsing encrypted revision 3 PDF files by reading the encryption key contents onto a fixed length stack buffer. NOCVE-9999-55894 Exploits/Client Side Mac OS X
Sophos Web Appliance MgrReport blocking Vulnerablity Remote Code Execution Exploit A vulnerability exists in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. By abusing the blockip variable, an attacker can achieve remote code execution. CVE-2016-9553 Exploits/Remote Linux
Sophos Web Protection Appliance sblistpack Command Injection Exploit The /opt/ws/bin/sblistpack Perl script in Sophos Web Protection Appliance, which can be reached from the web interface, is vulnerable to OS command injection because its get_referers() function does not escape the first argument of the script before using it within a string that will be executed as a command by using backticks. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code in the affected appliance with the privileges of the "spiderman" operating system user. A second vulnerability in the Sophos Web Protection Appliance (an OS command injection in the /opt/cma/bin/clear_keys.pl script, which can be executed by the "spiderman" user with the sudo command without password) allows an attacker who successfully compromised the appliance to escalate privileges from "spiderman" to root. CVE-2013-4983 Exploits/Remote Linux
Sorax PDF Reader dwmapi DLL Hijacking Exploit Sorax PDF Reader is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .PDF file. NOCVE-9999-49231 Exploits/Client Side Windows
Sothink SWF Decompiler dwmapi DLL Hijacking Exploit Sothink SWF Decompiler is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .FLV file. NOCVE-9999-45993 Exploits/Client Side Windows
Soulseek Server Peer Search Buffer Overflow Exploit The application is prone to a stack-based buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when performing a direct peer file search. CVE-2009-1830 Exploits/Remote Windows
Sparklabs Viscosity Config Path Privilege Escalation Viscosity for Windows suffers from a privilege escalation vulnerability. By abusing the named pipe configuration channel between the client and the underlying service, a local attacker can gain SYSTEM privileges. NOCVE-9999-84440 Exploits/Local Windows