Core Impact Pro Exploits and Security Updates

Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
IBM Lotus Domino Accept-Language Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Lotus Domino HTTP server (nHTTP.exe) by sending a specially crafted GET request. CVE-2008-2240 Exploits/Remote Windows
MSRPC Netware Client Buffer Overflow exploit update This module exploits an unchecked buffer in the Client Service for NetWare on Microsoft Windows, and installs an agent (MS05-046). This update adds support for Windows XP. CVE-2005-1985 Exploits/Remote Windows
ActFax RAW Server Buffer Overflow Exploit A vulnerability in ActFax Server RAW server used to transfer fax messages without protocols. Data fields. @F506,@F605, and @F000 are vulnerable. NOCVE-9999-56765 Exploits/Remote Windows
HP SiteScope Remote Code Execution Exploit This module exploits two vulnerabilities in HP SiteScope to gain remote code execution. The first vulnerability is an authentication bypass in the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service to grab the administrator credentials from the server running HP SiteScope. The second vulnerability is a directory traversal in the UploadFileHandler url that allows to upload files to the server into a directory that allows for scripting. NOCVE-9999-54993 Exploits/Remote Windows
HP AutoPass License Server Remote Code Execution Exploit This module exploits a remote code execution vulnerability in HP AutoPass License Server. The CommunicationServlet component in HP AutoPass License Server does not enforce authentication and has a directory traversal vulnerability allowing a remote attacker to execute arbitrary code trough a JSP page uploaded to the vulnerable server. CVE-2013-6221 Exploits/Remote Windows
Kingview SCADA HMI HistorySvr Heap Overflow Exploit KingView Scada is vulnerable to a buffer overflow error in the "HistorySvr.exe" module when processing malformed packets sent to port 777/TCP. CVE-2011-0406 Exploits/Remote Windows
IIS HTR ChunkedEncoding exploit update This update adds support for Windows 2000 SP0 and fixes a reliability issue. The module exploits a vulnerability in the .HTR ISAPI filter in early versions of IIS. CVE-2002-0079 Exploits/Remote Windows
Mercury SMTPD CRAM-MD5 Pre-Auth Buffer Overflow Exploit Update This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Mercury Mail Transport System. The vulnerability is caused due to a boundary error within Mercury/32 SMTP Server Module (mercurys.dll) when processing arguments to the AUTH CRAM-MD5 command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. This update adds support for DEP (Data Execution Prevention). CVE-2007-4440 Exploits/Remote Windows
Trend Micro Control Manager CmdProcessor.exe AddTask Remote Buffer Overflow Exploit The CmdProcessor.exe service of Trend Micro Control Manager is prone to a stack-based buffer overflow, which can be exploited by remote unauthenticated attackers to execute arbitrary code by sending a specially crafted IPC packet to the vulnerable service. CVE-2011-5001 Exploits/Remote Windows
Iconics Genesis SCADA HMI Genbroker Server Exploit Update The Genesis GenBroker service is listening port 38080 and is affected by integer overflow vulnerabilities while handling crafted packets in opcode 0x4b0. This version improves connection with all methods. NOCVE-9999-47722 Exploits/Remote Windows
Wireshark packet dect Remote Stack Buffer Overflow Exploit A heap-based buffer overflow was found in the DECT dissector of Wireshark. A remote attacker could use this flaw to cause the Wireshark executable to crash or potentially to execute arbitrary code with the privileges of the user running Wireshark. CVE-2011-1591 Exploits/Remote Windows
Symantec Web Gateway PHP Injection Exploit This module exploits a remote code execution vulnerability in Symantec Web Gateway by using a log injection and a local file inclusion to run an arbitrary PHP script. CVE-2012-0297 Exploits/Remote Linux
Schneider Electric Accutech Manager Heap Overflow Exploit This module exploits a heap overflow vulnerability in the Schneider Electric Accutech Manager Server by sending a malformed packet to the 2537/TCP port to execute arbitrary code or crash the server. CVE-2013-0658 Exploits/Remote Windows
Safenet SoftRemote IKE Service Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in the Safenet IKE Service (included in several VPN clients) by sending a specially crafted packet to UDP port 62514. CVE-2009-1943 Exploits/Remote Windows
SNORT SMB Fragmentation Buffer Overflow Exploit Update This module exploits a stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Snort process. This update adds support for Redhat Enterprise Linux 4 and FreeBSD 6.2 on Impact 7.5 CVE-2006-5276 Exploits/Remote Linux, FreeBSD
Httpdx Web Server GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Httpdx when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2009-3711 Exploits/Remote Windows
Novell ZENworks Configuration Management Preboot Service Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in the Preboot Service component of Novell ZENworks Configuration Management by sending a specially crafted packet to the port 998/TCP. NOCVE-9999-43820 Exploits/Remote Windows
FutureSoft TFTP Server 2000 Buffer Overflow Exploit This module exploits a buffer overflow in FutureSoft TFTP Server, that allows remote attackers to execute arbitrary code via a long malformed filename. CVE-2005-1812 Exploits/Remote Windows
OracleDB DBMS AW.EXECUTE CDA Command Remote Stack Overflow Exploit Update This update fixes a defect the module "OracleDB DBMS AW.EXECUTE CDA Command Remote Stack Overflow Exploit" introduced when the update for "Microsoft Windows Integer Overflow Exploit (MS16-039)" was published. CVE-2014-6567 Exploits/Remote Windows
Yokogawa CENTUM CS 3000 BKCLogSvr Buffer Overflow Exploit Yokogawa CENTUM is prone to a buffer overflow when handling a specially crafted packet through BKCLogSrv.exe on UDP port 52302 CVE-2014-0781 Exploits/Remote Windows
Wordpress W3 Total Cache PHP Remote Code Execution Exploit This module exploits a vulnerability in W3 Total Cache plugin for Wordpress. Certain macros such as mfunc allow to inject PHP code into comments. By injecting a crafted comment into a valid post an attacker can execute arbitrary PHP code on systems running vulnerable installations of W3 Total Cache. CVE-2013-2010 Exploits/Remote Linux
IBM Tivoli Storage Manager FastBack Remote Exploit This module exploits a remote memory corruption on IBM Tivoli Storage Manager FastBack by sending a specially crafted sequence of packets to the affected application. CVE-2010-3061 Exploits/Remote Windows
Citrix Provisioning Services streamprocess Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port. NOCVE-9999-46895 Exploits/Remote Windows
mDNSResponder buffer overflow exploit This module exploits a buffer overflow vulnerability in the mDNSResponder service running on certain versions of Apple Mac OS X. The vulnerability is exploited remotely by sending a specially crafted UPnP Internet Gateway Device (IGD) packet and installing an agent. CVE-2007-2386 Exploits/Remote Mac OS X
WebNMS Framework Server Arbitrary File Upload Vulnerability Exploit A vulnerability exists in the FileUploadServlet servlet of WebNMS Framework Server. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution. CVE-2016-6600 Exploits/Remote Linux, Windows
CoDeSys SCADA Webserver Buffer Overflow Exploit webserver.exe is a component in 3S CoDeSys for handling the HTTP connections on port 8080. The process is affected by a buffer overflow that copies the input URI in a limited buffer allowing code execution. NOCVE-9999-50546 Exploits/Remote Windows
Conficker Detector Exploit Update This module connects to a remote target via any exposed DCE RPC endpoints and fingerprints them to determine if the machine appears to be compromised by the Conficker worm. This update adds RPT capabilities. NOCVE-9999-37300 Exploits/Remote Windows
EMC AlphaStor Server Agent Buffer Overflow Exploit Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025. CVE-2008-2158 Exploits/Remote Windows
Evological EvoCam Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the included web server when processing HTTP requests. This can be exploited to cause a stack-based buffer overflow via an overly long GET request. CVE-2010-2309 Exploits/Remote Mac OS X
McAfee ePolicy Orchestrator - Protection Pilot HTTP exploit This module exploits a buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126. CVE-2006-5156 Exploits/Remote Windows