Impact Professional | Core Security

An integer overflow in OLE allows remote code execution. This update contains a module exploiting the vulnerability by hosting a web site and epxloiting connecting Internet Explorer browsers.

This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds support for Windows XP sp0 and sp1.

This update includes a module implementing a DHCP server that'll attack querying hosts using the GNU Bash Environment Variables Injection vulnerability.

This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability.

This update adds support for Windows 8, Windows 8.1 and Windows 2012 platforms.

This module exploits a vulnerability in Apache Struts. The specific vulnerability is in the ParametersInterceptor, which allows a direct manipulation of the ClassLoader and as a result an attacker can execute arbitrary Java code in the target machine.

This update adds support for Apache Struts 2.3.16, Windows (x86 and x64) and Linux (x64) platforms.

OpenSSL is susceptible to a buffer overflow vulnerability. This issue allows remote attackers to crash a vulnerable server.

This module exploits a buffer overflow vulnerability in OpenSSL by sending a crafted packet to port 10161, causing a denial of service effect.

This update fixes an issue in the dynamic_fork mem_execute implementation used by some privilege escalation exploits.

This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability.

This update is to add the exploit in order to attack Drupal core CMS 7.x versions prior to 7.32 using default configuration (CVE-2014-3704).

Subscribe to Impact Professional

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum