Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates
When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.
Use the controls below to navigate Core Impact exploits and other modules.
Title | Description | Vulnerabilty | Category | Platform |
---|---|---|---|---|
Microsoft Windows MS-DOS Device Name Privilege Escalation Exploit(MS15-038) | An elevation of privilege vulnerability exists when Windows kernel does not properly constrain impersonation levels. The vulnerability occurs because a user can place symlinks for the system drives in the per-login session device map and the kernel will follow them during impersonation. An attacker who successfully exploited this vulnerability may, for example, redirect a call to LoadLibrary, from a system service (when impersonating), to an arbitrary location. |
CVE-2015-1644 | Exploits/Local | Windows |
Borland AccuRev Reprise License Server edit_lf_process Write Arbitrary Files Exploit | The specific flaw exists within the edit_lf_process resource of the AccuRev Reprise License Manager service. The issue lies in the ability to write arbitrary files with controlled data. An attacker could leverage this vulnerability to execute arbitrary code under the context of SYSTEM. |
NOCVE-9999-74481 | Exploits/Remote | Windows |
SquirrelMail map_yp_alias Command Injection Exploit Update | The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. This module works if map:map_yp_alias is set as the imap server address in config.php, which is not the default setting. This update improves os detection and adds runtime cost. |
CVE-2009-1579 | Exploits/Remote | Solaris, AIX, Linux |
WordPress Landing Pages Plugin Remote Command Execution | This update introduces an OS Command Injection Exploit for the "Wordpress Landing Pages" plugin. |
CVE-2015-5227 | Exploits/OS Command Injection/Known Vulnerabilities | Linux |
Apache ActiveMQ Path Traversal Exploit | This update introduces an exploit for Apache ActiveMQ. The vulnerable versions present a path traversal vulnerability in default instalations that allows writing files to arbitrary filesystem locations, with the permissions of the user running the ActiveMQ process. This module leverages the vulnerability to install an agent. This exploit doesn't require authentication. The vulnerability is only present when the application is running in a Windows system. |
CVE-2015-1830 | Exploits/Remote | Windows |
Linux apport Race Condition Privilege Escalation Exploit Update | This module exploits a vulnerability in the Linux apport application. The apport application can be forced to drop privileges to uid 0 and write a corefile anywhere on the system. This can be used to write a corefile with crafted contents in a suitable location to gain root privileges. This updates improves the way some files are cleaned up after a failed exploitation attempt. |
CVE-2015-1325 | Exploits/Local | Linux |
Microsoft Office Malformed EPS File Vulnerability Exploit Update (MS15-099) | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability." |
CVE-2015-2545 | Exploits/Client Side | Windows |
Adobe Acrobat Pro Multiple Vulnerabilities Exploit | A specially crafted argument to makeMeasurement will leave objects in an inconsistent state and can produce a Buffer Overflow. This data can later be retrieved via a call to dumpMeasureData. |
CVE-2015-4447 | Exploits/Client Side | Windows |
Microsoft Windows Win32k Cursor Object Double Free Vulnerability DoS (MS15-010) Update | This module exploits a double free vulnerability in win32k.sys, allowing an unprivileged local user to cause a BSOD. This update improves the post exploitation target information to include the CVE. |
CVE-2015-0058 | Denial of Service/Local | Windows |
Symantec Endpoint Protection Manager Authentication Bypass Exploit | This module exploit three different vulnerabilities in Symantec Endpoint Protection Manager (SEPM) in order to install an agent on a vunlerable target machine. CVE-2015-1486 allows unauthenticated attackers access to SEPM. CVE-2015-1487 allows reading and writing arbitrary files, resulting in the execution of arbitrary commands with 'NT Service\semsrv' privileges. CVE-2015-1489 allows the execution of arbitrary OS commands with 'NT Authority\SYSTEM' privileges. |
CVE-2015-1486 | Exploits/Remote | Windows |
Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update | This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font. This update adds support to Windows 8 and Windows 2012. |
CVE-2015-2426 | Exploits/Local | Windows |
Microsoft Windows SMB Memory Corruption Vulnerability DoS (MS15-083) | This module exploits an integer overflow in srvnet.sys Windows driver by sending a crafted SMB request to the Windows SMB Server. |
CVE-2015-2474 | Denial of Service/Remote | Windows |
VMware Workstation Printer Escape Vulnerability Exploit Update | This module exploits a vulnerability in the VMware Printer virtual device from the guest OS and install an agent in the host computer. This update adds support to more VMware versions and improves the agent connection reliability from the host computer. |
CVE-2015-2336 | Exploits/Local | Windows |
Adobe Flash Player AS3 Function.apply Integer Overflow Exploit | This module exploits an integer overflow vulnerability in Adobe Flash Player. The signed integer overflow exists inside the AS3 Function.apply() method and allows an attacker to take control of a vulnearble target and execute arbitrary code. |
CVE-2015-3087 | Exploits/Client Side | Windows |
Microsoft Office Malformed EPS File Vulnerability Exploit (MS15-099) | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability." |
CVE-2015-2545 | Exploits/Client Side | Windows |
Adobe Acrobat Pro AFParseDate Javascript API Restrictions Bypass Exploit | Certain Javascript APIs in Adobe Acrobat Pro can only be executed in a privileged context. By adding specially crafted Javascript code to a PDF file it's possible to bypass security restrictions and invoke privileged Javascript APIs, allowing for arbitrary code execution. |
CVE-2015-3073 | Exploits/Client Side | Windows |
HP Storage Data Protector MSG_PROTOCOL Buffer Overflow Exploit Update | This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. This update improves exploit reliability. |
CVE-2007-2280 | Exploits/Remote | Windows |
Magento eCommerce Web Sites Remote Code Execution Exploit | Magento eCommerce Web Sites suffers from a Authentication Bypass Vulnerability, a Blind SQL Injection Vulnerability and a Remote File Inclusion Vulnerability. These 3 vulnerabilities, allows an attacker to gain arbitrary code execution on the affected system. |
CVE-2015-1397 | Exploits/Authentication Weakness/Known Vulnerabilities | |
FortiClient Weak IOCTL mdare Driver Local Privilege Escalation Exploit | FortiClient is prone to a privilege-escalation vulnerability that affects mdare64_48.sys, mdare32_48.sys, mdare32_52.sys, mdare64_52.sys and Fortishield.sys drivers. |
CVE-2015-5737 | Exploits/Local | Windows |
Zimbra Collaboration Server skin Local File Include Exploit Update | Zimbra is vulnerable to a Local File Inclusion vulnerability that allows attacker to get LDAP credentials which we may use for upload a JSP file allowing us to install an agent. This update workarounds a problem when proxying and using HTTPSConnection. |
CVE-2013-7091 | Exploits/Remote | Linux |
Adobe Reader X AdobeCollabSync Buffer Overflow Sandbox Bypass Exploit Update | This module allows an agent running in the context of AcroRd32.exe with Low Integrity Level/AppContainer Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. This update fixes an issue related to highlight preconditions when running against x86-64 targets. |
CVE-2013-2730 | Exploits/Local | Windows |
Microsoft Windows OLE Package Manager Code Execution Exploit (MS14-064) | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document. |
CVE-2014-6352 | Exploits/Client Side | Windows |
IBM Tivoli Storage Manager FastBack Server GetJobByUserFriendlyString Exploit | The specific flaw exists within the JOB_S_GetJobByUserFriendlyString function. By sending a crafted packet on TCP port 11460 |
CVE-2015-1930 | Exploits/Remote | Windows |
SolarWinds Firewall Security Manager userlogin Exploit | Solarwinds FSM is vulnerable to an authentication bypass in userlogin.jsp that allows attacker to upload an agent via a weekness in the username atribute in settings-new.jsp allowing us to install an agent. |
CVE-2015-2284 | Exploits/Remote | Windows |
Linux libuser passwd file handling Privilege Escalation Exploit | A flaw was found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root. |
CVE-2015-3246 | Exploits/Local | Linux |
Usermin Email Signature Command Injection Exploit | The Usermin Control Panel is vulnerable to command injection due to the function get_signature in usermin/mailbox/mailbox-lib.pl, which calls open() without any prior validation. This vulnerability allows authenticated users to execute arbitrary code on the affected Usermin versions. |
CVE-2015-2079 | Exploits/Remote | Solaris, Linux |
SolarWinds Application Monitor TSUnicodeGraphEditorControl factory Buffer Overflow Exploit Update | The specific flaw exists within the 'factory' object's loadExtensionFactory method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. |
CVE-2015-1500 | Exploits/Client Side | Windows |
Microsoft Windows Group Policy Remote Code Execution Vulnerability Exploit (MS15-011) Update | This module exploits, via a "Man In The Middle" attack, a security flaw in the Domain Controller policies downloaded by clients during the logging process This update adds support to Windows 8.1 and Windows 2012 R2 and improves the network stability. |
CVE-2015-0008 | Exploits/Remote | Windows |
QEMU Floppy Disk Controller fdctrl_handle_drive_specification_command Virtual Machine Escape Exploit (VENOM) Update | The fdctrl_handle_drive_specification_command() function in the code that emulates the Floppy Disk Controller in QEMU does not properly reset the index within a buffer when processing user-controlled data, leading to a heap-based buffer overflow in the QEMU process that runs on the Host system. An attacker running code within a Guest operating system can exploit this vulnerability in order to escape from the QEMU virtual machine and execute arbitrary code on the Host operating system. This update adds support for exploiting 64-bit guest systems. |
CVE-2015-3456 | Exploits/Local | Linux |
Microsoft Windows Win32k ClientCopyImage Privilege Escalation Exploit(MS15-051) | An elevation of privilege vulnerability exists when the Win32k.sys kernel-mode driver improperly handles objects in memory. The vulnerability exists in the Windows OS process of creating windows for applications. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. |
CVE-2015-1701 | Exploits/Local | Windows |