CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
10.19.2011 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 5 This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds reliability when exploiting all supported platforms. CVE-2008-4250 Exploits/Remote Windows
05.18.2010 Vermillion FTP Daemon Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server. This update fix the Connect to connection method. NOCVE-9999-41966 Exploits/Remote Windows
09.28.2008 HP OpenView Ovalarmsrv Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the ovalarmsrv module of the HP OpenView Network NodeManager application. The exploit triggers a stack-based buffer overflow by sending a specially crafted packet to port 2954/TCP of the vulnerable system and installs an agent if successful. This module works disabling DEP on Windows 2003 Enterprise Edition sp2 in the context of the vulnerable application. CVE-2008-1851 Exploits/Remote Windows
11.04.2012 HP Data Protector Express Create New Folder Buffer Overflow Exploit HP Data Protector Express is prone to a buffer-overflow when handling folder names in an insecure way by the dpwindtb.dll component. CVE-2012-0124 Exploits/Remote Windows
07.25.2011 Zend Server Java Bridge Design Flaw Remote Code Execution Exploit This module exploits a vulnerability in Java Bridge component of Zend Server. NOCVE-9999-47690 Exploits/Remote Windows, Linux, Mac OS X
11.14.2007 HP Linux Imaging and Printing exploit for Impact 7.5 A vulnerability has been identified in HP Linux Imaging and Printing System (HPLIP), which could be exploited by local attackers to obtain elevated privileges. This issue is caused by input validation errors in the hpssd daemon that does not validate user-supplied data before being passed to a popen3() call, which could be exploited by malicious users to inject and execute arbitrary commands with root privileges. This package include local and remote versions of the exploit. CVE-2007-5208 Exploits/Remote Linux, FreeBSD
10.27.2013 TinyWebGallery Remote Code Execution Exploit Update This module exploits a TinyWebGallery local file-include vulnerability because TinyWebGallery fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code. This update fixes some issues related with an updated library. Support for various platforms was added. CVE-2009-1911 Exploits/Remote Windows, Solaris, Linux
02.05.2013 Exploit Description Update This update modifies the description in the file header. CVE-2008-1611 Exploits/Remote Windows
06.12.2007 Apache Tomcat buffer overflow exploit This module exploits a buffer overflow vulnerability in the Apache Tomcat JK Web Server Connector and installs an agent. An attacker can use an overly long URL to trigger a buffer overflow in the URL work map routine (map_uri_to_worker()) in the mod_jk.so library, resulting in the compromise of the target system. CVE-2007-0774 Exploits/Remote Linux
08.08.2011 Citrix Provisioning Services streamprocess Remote Buffer Overflow Exploit Update This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port. This update fixes an issue in the agent connector. NOCVE-9999-46895 Exploits/Remote Windows
06.01.2010 HP OpenView NNM snmpviewer CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the snmpviewer.exe CGI application, a component of HP OpenView Network Node Manager, by sending an HTTP request with an invalid value for the act and app parameters. CVE-2010-1552 Exploits/Remote Windows
11.05.2008 Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit update 2 This package provides an update for the Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit for Impact Professional 7.6 CVE-2008-0871 Exploits/Remote Windows
06.11.2014 WellinTech KingSCADA AEServer Buffer Overflow Exploit The KingSCADA application has a stack-based buffer overflow vulnerability where the application overwrites the structured exception handler (SEH). An attacker could send a specially crafted packet to KingSCADA, and the application would handle the packet incorrectly, causing a stack-based buffer overflow. CVE-2014-0787 Exploits/Remote Windows
01.17.2008 Synce Command injection exploit update This update adds the vulnerability name to reports. CVE-2008-1136 Exploits/Remote FreeBSD, Linux
12.12.2007 MSRPC Message Queuing Service MS07-065 Exploit The windows Message Queuing Service is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. CVE-2007-3039 Exploits/Remote Windows
12.22.2008 CesarFTP MKD Command Buffer Overflow Exploit An internal memory buffer may be overrun while handling long MKD commands. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the CesarFTP process. CVE-2006-2961 Exploits/Remote
12.04.2012 VCMS Image Arbitrary Upload Exploit A unrestricted file upload vulnerability exists in includes/inline_image_upload.php within AutoSec Tools V-CMS 1.0. This allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in temp. CVE-2011-4828 Exploits/Remote Solaris, Linux, Windows, Mac OS X
03.04.2010 OpenX Remote Code Execution Exploit The vulnerability is caused due to the banner-edit.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to e.g. execute arbitrary PHP code by uploading a specially crafted PHP script that contains the GIF magic number. CVE-2009-4098 Exploits/Remote Solaris, Linux, Mac OS X
07.23.2012 FlexNet License Server Manager lmgrd Buffer Overflow Exploit A stack buffer overflow exist in FlexNet License Server Manager due to the insecure usage of memcpy in the lmgrd service when handling crafted network packets. NOCVE-9999-52540 Exploits/Remote Windows
01.16.2014 MongoDB mongoFind Uninitialized Memory Exploit Update The mongo::mongoFind method in MongoDB makes use of uninitialized memory. A remote attacker can fill that memory address with controlled data and then call the vulnerable function in order to execute arbitrary code on the affected server. This update adds the CVE number. CVE-2013-3969 Exploits/Remote Linux
08.12.2013 Apache Struts 2 DefaultActionMapper redirect Remote Code Execution Exploit The DefaultActionMapper class in Apache Struts2 supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:". The information contained in these prefixes is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server. This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework. CVE-2013-2251 Exploits/Remote Windows, Linux, Mac OS X
11.30.2011 SugarCRM Remote Code Execution Exploit Update This update adds support for Solaris and Mac OS X platforms CVE-2009-2146 Exploits/Remote Linux, Solaris, Mac OS X
04.22.2013 3S CoDeSys Gateway Server Arbitrary File Upload Exploit 3S Codesys Gateway Server is prone to a directory traversal vulnerability that allows arbitrary file creation. CVE-2012-4705 Exploits/Remote Windows
11.17.2008 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 2 This module exploits a vulnerability in the Microsoft Windows Server service sending a specially crafted RPC request. This update adds support for Windows 2003 Enterprise Edition sp2 with DEP enabled. CVE-2008-4250 Exploits/Remote Windows
11.28.2006 MSRPC WKSSVC NetpManageIPCConnect exploit A remote code execution vulnerability exists in the Workstation service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. CVE-2006-4691 Exploits/Remote Windows
06.07.2011 Oracle VM Server Virtual Server Agent Command Injection Exploit By including shell meta characters within the second parameter to the 'urt_test_url' XML-RPC methodCall, an attacker can execute arbitrary commands. The service typically runs with root privileges. CVE-2010-3585 Exploits/Remote Linux
08.26.2012 Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow Exploit Ricoh DC's DL-10 SR10 FTP Server is prone to a buffer-overflow vulnerability when handling data through the USER command. This can be exploited by supplying a long string of data to the affected command. NOCVE-9999-53623 Exploits/Remote Windows
05.16.2012 CA Total Defense UNCWS Web Service deleteReportFilter Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection. CVE-2011-1653 Exploits/Remote Windows
04.24.2008 Veritas Backup Exec exploit Update This module exploits a stack-based buffer overflow in the Agent Browser in VERITAS Backup Exec 7.3, 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, to install an agent on the target box. This update improves reliability for 8.x versions. CVE-2004-1172 Exploits/Remote Windows
09.15.2013 FreeFTPd PASS Command Buffer Overflow Exploit FreeFTPd is prone to a buffer overflow when handling an overly long PASS command. NOCVE-9999-59669 Exploits/Remote Windows

Pages