Core Impact Security and Penetration Testing Updates

Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
Novell File Reporter NFRAgent FSFUI Record File Upload Exploit This module exploits a Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter. This allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/3037. CVE-2012-4959 Exploits/Remote Windows
MSRPC WKSSVC NetpManageIPCConnect Exploit update This module exploits a stack buffer overflow in the Workstation Service. This package addresses a compatibility problem when porting the module from version 7.0 to 7.5 of the framework. CVE-2006-4691 Exploits/Remote Windows
Microsoft Windows SMB Buffer Underflow Exploit (MS08-063) Update This update add support to Microsoft Windows 2000 SP4 Professional, Server, Advanced Server and Windows 2003 SP0 Standard Edition and Enterprise Edition. CVE-2008-4038 Exploits/Remote Windows
CoDeSys SCADA Webserver Buffer Overflow Exploit webserver.exe is a component in 3S CoDeSys for handling the HTTP connections on port 8080. The process is affected by a buffer overflow that copies the input URI in a limited buffer allowing code execution. NOCVE-9999-50546 Exploits/Remote Windows
WFTPD Server SIZE Command Buffer Overflow Exploit An internal memory buffer may be overrun while handling long "SIZE" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the WFTPD Server process. CVE-2006-4318 Exploits/Remote none
Wireshark PROFINET Dissector Format String Exploit Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. CVE-2009-1210 Exploits/Remote Windows
MSRPC RRAS Exploit This module exploits a stack overflow in the Windows Routing and Remote Access Service (MS06-025) CVE-2006-2370 Exploits/Remote Windows
ASN.1 Bit String SPNEGO exploit Update Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 encodings that cause arbitrary heap data to be overwritten. This update modifies the runtime value for this exploit. CVE-2003-0818 Exploits/Remote Windows
CVS pserver Directory Command Double free() Exploit Update By sending a malformed 'Directory' request it is possible to create a condition where free() is called on memory that is still in use. This can result in an exploitable condition when free() is called on the memory chunk a second time. The agent installed by this exploit runs with administrative privileges. This update improve the exploit reliability. CVE-2003-0015 Exploits/Remote Linux
Oracle VM Server Virtual Server Agent Command Injection Exploit By including shell meta characters within the second parameter to the 'urt_test_url' XML-RPC methodCall, an attacker can execute arbitrary commands. The service typically runs with root privileges. CVE-2010-3585 Exploits/Remote Linux
Sysax Multi Server SSH Username Buffer Overflow Exploit This module exploits a stack based buffer overflow on Sysax Multi Server when parsing an overly long username at the beginning of an SSH session. NOCVE-9999-51516 Exploits/Remote Windows
Elastix PBX Remote PHP Injection Exploit This module exploits a remote PHP code injection vulnerability in Elastix PBX by uploading a renamed PHP file and leveraging a local file inclusion vulnerability to execute the PHP file. It also exploits a bad configuration in the /etc/sudoers file to elevate privileges from 'asterisk' user to 'root'. NOCVE-9999-56369 Exploits/Remote Linux
Microsoft Office SharePoint Server 2007 Document Conversions Exploit Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082 CVE-2010-3964 Exploits/Remote Windows
HP OpenView Ovalarmsrv Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the ovalarmsrv module of the HP OpenView Network NodeManager application. The exploit triggers a stack-based buffer overflow by sending a specially crafted packet to port 2954/TCP of the vulnerable system and installs an agent if successful. This module works disabling DEP on Windows 2003 Enterprise Edition sp2 in the context of the vulnerable application. CVE-2008-1851 Exploits/Remote Windows
SAdminD Buffer Overflow Exploit This modules exploits a stack buffer overflow of the sadmind daemon, and installs an agent as root. CVE-2008-4556 Exploits/Remote Solaris
Novell eDirectory HTTP Protocol exploit This module exploits a buffer overflow in Novell eDirectory HTTP Protocol. CVE-2006-5478 Exploits/Remote Windows
Jenkins XStream Java Library Deserialization Vulnerability Remote Code Execution Exploit Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. There are several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. CVE-2016-0792 Exploits/Remote Windows, Linux
Kerberos Checksum Remote Privilege Escalation Exploit (MS14-068) A vulnerability in Microsoft's implementation of the Kerberos authentication protocol allows to modify a Kerberos ticket to remotely escalate privileges. This module exploits the vulnerability impersonating a user of the domain's Administrators group to install an agent in the domain controller with System privileges. This update introduces the option to use NTLM hashes for authentication and Network RPT-AP integration. CVE-2014-6324 Exploits/Remote Windows
Disk Pulse Server GetServerInfo Request Buffer Overflow Exploit A vulnerability exists in the way Disk Pulse Server v2.2.34 process a remote clients "GetServerInfo" request.The vulnerability is caused due to a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9120. NOCVE-9999-45456 Exploits/Remote Windows
OracleDB AUTH_SESSKEY Remote Buffer Overflow Exploit This module exploits a vulnerability in the Oracle Database Server. The vulnerability is triggered when the server processes a long string inside the AUTH_SESSKEY property resulting in a stack-based buffer overflow. CVE-2009-1979 Exploits/Remote Windows
Joomla 1.5.12 Remote Code Execution Exploit A vulnerability exists in the TinyMCE editor, included in the tiny browser plugin, which allows uploading files without authentication. This can be exploited to upload files with multiple extensions and execute arbitrary PHP code. NOCVE-9999-39524 Exploits/Remote Solaris, Linux, Windows
telnetd solaris -f root exploit This is a remote exploit for an Authentication bypass vulnerability present in telnetd daemon for Solaris 10. CVE-2007-0882 Exploits/Remote Solaris
HP SiteScope Remote Code Execution Exploit This module exploits two vulnerabilities in HP SiteScope to gain remote code execution. The first vulnerability is an authentication bypass in the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service to grab the administrator credentials from the server running HP SiteScope. The second vulnerability is a directory traversal in the UploadFileHandler url that allows to upload files to the server into a directory that allows for scripting. NOCVE-9999-54993 Exploits/Remote Windows
Improvements to Bash Environment Variable Injection Exploits This update add verification for CVE-2014-6278 to all available attack vectors. CVE-2014-6271 Exploits/Remote Solaris, Linux
MSRPC MSMQ Buffer Overflow exploit This module exploits a buffer overflow in the Message Queuing component of Microsoft Windows allowing remote attackers to execute arbitrary code via a crafted message and installing an agent. CVE-2005-0059 Exploits/Remote Windows
MSRPC DCOM Exploit Update 2 This Update adds MS03-026 in XML. CVE-2003-0352 Exploits/Remote Windows
HP Intelligent Management Center mibFileUpload Servlet Remote Exploit This module exploits a remote code execution vulnerability in HP Intelligent Management Center by using the "mibFileUpload" servlet to upload an arbitrary .JSP file. CVE-2012-5201 Exploits/Remote Windows, Linux
OpenSSL TLS Heartbeat Read Overrun Memory Disclosure Exploit Update A missing boundary check in the TLS Heartbeat extension in OpenSSL can be abused by remote attackers to read up to 64 kb of memory from the server. This memory disclosure vulnerability can be used by remote unauthenticated attackers to obtain sensitive information from the affected server, including private keys and session cookies. This update adds features to the module, like the ability to read 64 kb of data from vulnerable services, reporting the results in the Module Output window, and saving the memory dumps to disk. It also improves the compatibility with OpenSSL services and adds support for FTPS. CVE-2014-0160 Exploits/Remote Linux
Zimbra Collaboration Server skin Local File Include Exploit Update Zimbra is vulnerable to a Local File Inclusion vulnerability that allows attacker to get LDAP credentials which we may use for upload a JSP file allowing us to install an agent. This update workarounds a problem when proxying and using HTTPSConnection. CVE-2013-7091 Exploits/Remote Linux
DATAC RealWin ADDTAGMS Buffer Overflow Exploit DATAC RealWin is prone to a buffer overflow vulnerability when handling On_FC_CTAGLIST_FCS_ADDTAGMS packets with an overly long string. CVE-2011-1563 Exploits/Remote Windows