Core Impact Pro Exploits and Security Updates

Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
Blue Coat Systems WinProxy Exploit This module exploits a buffer overflow vulnerability in Blue Coat Systems Inc.'s WinProxy. CVE-2005-4085 Exploits/Remote Windows
Reprise License Manager edit_lf_process Write Arbitrary Files Exploit Update 3 The specific flaw exists within the edit_lf_process resource of the Reprise License Manager service. The issue lies in the ability to write arbitrary files with controlled data. An attacker could leverage this vulnerability to execute arbitrary code under the context of SYSTEM. This update introduces more accurate information about vulnerable targets. NOCVE-9999-74481 Exploits/Remote Windows
IBM Tivoli Storage Manager FastBack Server GetJobByUserFriendlyString Exploit The specific flaw exists within the JOB_S_GetJobByUserFriendlyString function. By sending a crafted packet on TCP port 11460 CVE-2015-1930 Exploits/Remote Windows
Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit update 2 This package provides an update for the Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit for Impact Professional 7.6 CVE-2008-0871 Exploits/Remote Windows
Exploit Description Update This update modifies the description in the file header. CVE-2008-1611 Exploits/Remote Windows
Apache Tomcat buffer overflow exploit This module exploits a buffer overflow vulnerability in the Apache Tomcat JK Web Server Connector and installs an agent. An attacker can use an overly long URL to trigger a buffer overflow in the URL work map routine (map_uri_to_worker()) in the mod_jk.so library, resulting in the compromise of the target system. CVE-2007-0774 Exploits/Remote Linux
ABB MicroSCADA Wserver Buffer Overflow Exploit This vulnerability is a buffer overflow and allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver without authentication. The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component performs insufficient bounds checking on user-supplied data which results in stack buffer ovreflow. NOCVE-9999-61094 Exploits/Remote Windows
Exchange CDO Calendar PreEnum exploit This module exploits a stack based buffer overflow handling the mail headers in the OWA (Outlook Web Access) service when processing meeting requests of Exchange Server clients (MS06-019). CVE-2006-0027 Exploits/Remote Windows
Sunway Force Control SCADA SMNP NetDBServer Buffer Overflow Exploit A stack based buffer overflow in the SNMP NetDBServer service of Sunway Forcecontrol is triggered when sending an overly long string to the listening service on port 2001. NOCVE-9999-51166 Exploits/Remote Windows
Apache ActiveMQ Path Traversal Exploit This update introduces an exploit for Apache ActiveMQ. The vulnerable versions present a path traversal vulnerability in default instalations that allows writing files to arbitrary filesystem locations, with the permissions of the user running the ActiveMQ process. This module leverages the vulnerability to install an agent. This exploit doesn't require authentication. The vulnerability is only present when the application is running in a Windows system. CVE-2015-1830 Exploits/Remote Windows
CesarFTP MKD Command Buffer Overflow Exploit An internal memory buffer may be overrun while handling long MKD commands. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the CesarFTP process. CVE-2006-2961 Exploits/Remote none
Xoops mydirname Remote Code Execution Exploit Update This update adds support for Solaris platform. NOCVE-9999-38580 Exploits/Remote Solaris, Linux
Citrix Provisioning Services streamprocess Remote Buffer Overflow Exploit Update This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port. This update fixes an issue in the agent connector. NOCVE-9999-46895 Exploits/Remote Windows
IBM Cognos Server Backdoor Account Remote Exploit This module exploits a remote code execution vulnerability in IBM Cognos Express by using an undocumented user account to upload an arbitrary .WAR file. CVE-2010-0557 Exploits/Remote Windows
Zavio Camera RTSP Video Stream Unauthenticated Access Exploit The RTSP protocol authentication in the Zavio F3105 IP camera is disabled by default. This configuration error allows remote attackers to access the live video stream without being asked for credentials. CVE-2013-2569 Exploits/Remote none
Trend Micro OfficeScan Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Trend Micro OfficeScan Corporate Edition when processing passwords with cgiChkMasterPwd.exe vulnerable module. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module. CVE-2008-1365 Exploits/Remote Windows
Jenkins JRMP Java Library Deserialization Vulnerability Remote Code Execution Exploit The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. CVE-2016-0788 Exploits/Remote Windows, Linux
Kingview SCADA HMI HistorySvr Heap Overflow Exploit Update KingView Scada is vulnerable to a buffer overflow error in the HistorySvr.exe module when processing malformed packets sent to port 777/TCP. This update adds new indirection using shell32.dll version 6.0.0.2900.5512. CVE-2011-0406 Exploits/Remote Windows
MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 2 This module exploits a vulnerability in the Microsoft Windows Server service sending a specially crafted RPC request. This update adds support for Windows 2003 Enterprise Edition sp2 with DEP enabled. CVE-2008-4250 Exploits/Remote Windows
IBM Tivoli Storage Manager FastBackMount GetVaultDump Buffer Overflow Exploit The specific flaw exists within FastBackMount.exe which listens by default on TCP port 30051. When handling opcode 0x09 packets, the process blindly copies user supplied data into a stack-based buffer within CMountDismount::GetVaultDump. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. CVE-2015-0119 Exploits/Remote Windows
Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit Update 2 This module exploits a heap overflow vulnerability in Samba Server by sending a crafted request packet via DCERPC call. This update adds support to Debian 5 (32 bits and 64 bits). CVE-2012-1182 Exploits/Remote Linux
Wireshark PROFINET Dissector Format String Exploit Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. CVE-2009-1210 Exploits/Remote Windows
EZHomeTech EzServer Buffer Overflow Exploit EzServer is prone to a buffer-overflow when handling packets with an overly long string. NOCVE-9999-52789 Exploits/Remote Windows
IBM Lotus Domino NSFComputeEvaluateExt Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in IBM Lotus Domino by sending a specially crafted HTTP request to the Web Administration Interface. NOCVE-9999-48010 Exploits/Remote Windows
Microsoft Windows SMTP Server DNS Response Field Validation DNS Spoofing Vulnerability Exploit (MS10-024) This module exploits a vulnerability on smtpsvc.dll spoofing responses from a DNS Server and deflecting emails sent to an arbitrary domain. CVE-2010-1690 Exploits/Remote Windows
MSRPC DCOM Exploit Update This update improves the reliability of the exploit when using Reuse Connection method. CVE-2003-0352 Exploits/Remote Windows
MySQL MaxDB WebTool GET Request Buffer Overflow Exploit This module exploits a stack buffer overflow in the MySQL MaxDB WebTool Server and installs a level0 agent. CVE-2005-0684 Exploits/Remote Windows
IBM Lotus Sametime StMux Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Community Services Multiplexer (StMux.exe) by requesting a specially crafted URL. CVE-2008-2499 Exploits/Remote Windows
Avaya IP Office Customer Call Reporter ImageUpload Exploit The specific flaw exists because Avaya IP Office Customer Call Reporter allows to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are saved has no scripting restrictions. CVE-2012-3811 Exploits/Remote Windows
IBM Cognos tm1admsd Multiple Operations Buffer Overflow Exploit This vulnerability exists within the tm1admsd.exe component Of IBM Cognos TM1. This process listens on TCP port 5498 by default. Multiple opcodes fail to validate user supplied length and data fields before copying their contents to a fixed length buffer on the stack. CVE-2012-0202 Exploits/Remote Windows