Exploits

Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

 


Title Description Vulnerability Category Platform
Novell ZENworks Asset Management Remote Code Execution Exploit

This module exploits a path traversal vulnerability in Novell ZENworks Asset Management.

The specific flaw exists within a file-upload servlet included in the Novell ZENworks distribution. When processing the path name for the file, the servlet allows a user to inject path traversal sequences into the filename. Then, when the servlet downloads the provided file, it stores the file at the user-provided location.

CVE-2010-4229 Exploits/Remote Windows
Novell ZENworks Configuration Management Preboot Service Opcode 0x21 Buffer Overflow Exploit

This module exploits a remote stack-based buffer overflow vulnerability in the Preboot Service component of Novell ZENworks Configuration Management by sending a specially crafted packet to port 998/TCP.

NOCVE-9999-43820 Exploits/Remote Windows
Novell ZENworks Configuration Management Preboot Service Opcode 0x4c Buffer Overflow Exploit

A buffer-overflow vulnerability exists in the PreBoot Service when processing requests containing opcode 0x4c.

CVE-2011-3176 Exploits/Remote Windows
Novell ZENworks Configuration Management Preboot Service Remote Buffer Overflow Exploit

This module exploits a remote stack-based buffer overflow in the Preboot Service component of Novell ZENworks Configuration Management by sending a specially crafted packet to port 998/TCP.

NOCVE-9999-43820 Exploits/Remote Windows
Novell ZENworks Configuration Management TFTPD Remote DoS

The flaw exists within the novell-tftp.exe component, which listens by default on UDP port 69. When handling a request, the process blindly copies user-supplied data into a fixed-length buffer on the heap.

CVE-2010-4323 Denial of Service/Remote Windows
Novell ZENworks Configuration Management UploadServlet Remote Code Execution Exploit

A remote code execution vulnerability in the UploadServlet component of Novell ZENworks Configuration Management allows remote attackers to execute arbitrary code.

CVE-2010-4229 Exploits/Remote Windows
Novell ZENworks Mobile Management Remote Code Execution Exploit

This module exploits a vulnerability in the Novell ZENworks Mobile Management application by injecting code in the PHP session file and leveraging a Local File Inclusion in mdm.php to execute the injected PHP code.

CVE-2013-1081 Exploits/Remote Windows
Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the web interface of Now SMS MMS Gateway.

CVE-2008-0871 Exploits/Remote Windows
Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit update

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the web interface of Now SMS MMS Gateway.
This version adds support for Windows 2003 and all systems with DEP enabled.

CVE-2008-0871 Exploits/Remote Windows
Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit update 2

This package provides an update for the Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit for Impact Professional 7.6.

CVE-2008-0871 Exploits/Remote Windows
NTR ActiveX Control Check Method Buffer Overflow Exploit

A buffer overflow vulnerability when handling a URL can be exploited via a crafted "bstrParams" parameter passed to the "Check()" method.

CVE-2012-0266 Exploits/Client Side Windows
NTR ActiveX Control StopModule Remote Code Execution Exploit

This module exploits a vulnerability in the ntractivex118.dll module included in the NTRglobal NTR ActiveX Control application. The exploit is triggered when the StopModule() method processes a crafted argument, resulting in a buffer overflow.

CVE-2012-0267 Exploits/Client Side Windows
Nuance PDF Reader dwmapi DLL Hijacking Exploit

Nuance PDF Reader is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll if this DLL is located in the same folder as a .PDF file.

NOCVE-9999-46063 Exploits/Client Side Windows
nuBuilder Remote File Inclusion Exploit

Report.php fails to sanitize user input in the StartingDirectory parameter when it is used in an include.

NOCVE-9999-44562 Exploits/Remote File Inclusion/Known Vulnerabilities
Numark Cue M3U Buffer Overflow Exploit

Numark Cue contains a buffer prone to exploitation via an overly long string. The vulnerability is caused by a boundary error in Numark Cue when handling .M3U files.

CVE-2008-4470 Exploits/Client Side
Nuxeo Platform CMS Directory Traversal Vulnerability JSP File Upload Exploit

This module uses a directory traversal vulnerability in the file import feature in Nuxeo Platform CMS to upload a JSP to gain arbitrary code execution on the affected system.

CVE-2017-5869 Exploits/Remote File Inclusion/Known Vulnerabilities
NVIDIA DxgDdiEscape Handler Privilege Escalation Exploit

NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation leading to escalation of privileges.

CVE-2016-7387 Exploits/Local Windows
NVIDIA DxgDdiEscape Handler Privilege Escalation Exploit Update

NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation leading to escalation of privileges. This update adds reliability and speed to the attack.

CVE-2016-7387 Exploits/Local Windows
NVIDIA RealityServer Web Services RTMP Server DoS

This module exploits a NULL pointer dereference in NVIDIA Reality Server Software when a crafted packet is sent to port 1935.

NOCVE-9999-48568 Denial of Service/Remote Windows
NVIDIA Stereoscopic 3D Driver Service Privilege Escalation

This module will exploit a vulnerability in the NVIDIA Stereoscopic 3D Driver Service. It will wait for users to log in to the target system, installing agents for every user, until it is able to install an agent for a user in the Built In Administrators group.

CVE-2015-7865 Exploits/Local Windows
Omni-NFS Enterprise FTP Server Buffer Overflow Exploit

This vulnerability is caused by a buffer overflow in Omni-NFS Enterprise FTP Server, due to its lack of checking of user-supplied data within FTP requests.

CVE-2006-5792 Exploits/Remote Windows
Omni-NFS Enterprise FTP Server Buffer Overflow Exploit Update

This vulnerability is caused by a buffer overflow in Omni-NFS Enterprise FTP Server, due to its lack of checking of user-supplied data within FTP requests.
This update adds the CVE.

CVE-2006-5792 Exploits/Remote Windows
Omni-NFS Server NFSD Stack Buffer Overflow Exploit

A buffer overflow exists in nfsd.exe in XLink Omni-NFS Server and allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd).

CVE-2006-5780 Exploits/Remote Windows
One Link Multiple Clientsides Modules Update

This update adds support for several additional ActiveX exploits.

CVE-2009-1612 Exploits/Client Side Windows
OP5 license Remote Code Execution Exploit

op5 Appliance contains an input validation flaw related to the system-portal component that allows a remote attacker to execute arbitrary shell commands via command injection.

CVE-2012-0261 Exploits/Remote Code Execution
OpenBSD DHCP Remote DoS

This module exploits a vulnerability in the DHCP server in OpenBSD. The vulnerability is caused by the improper handling of DHCP requests within dhcpd in the cons_options() function in options.c. A specially crafted DHCP request specifying a maximum message size smaller than 278 causes stack-based buffer corruption.

This module, if successful, will leave the service (dhcpd) unavailable.

CVE-2007-5365 Denial of Service/Remote Linux, OpenBSD
OpenBSD DHCP Remote DoS Update

This module exploits a vulnerability in the DHCP server in OpenBSD. The vulnerability is caused by the improper handling of DHCP requests within dhcpd in the cons_options() function in options.c. A specially crafted DHCP request specifying a maximum message size smaller than 278 causes stack-based buffer corruption.

CVE-2007-5365 Denial of Service/Remote Linux, OpenBSD
OpenBSD getsockopt() Privilege Escalation Exploit

A local user can invoke the getsockopt call with certain options to execute arbitrary code and gain privileged access.

NOCVE-9999-41144 Exploits/Local OpenBSD
OpenBSD IPv6 mbuf Remote Exploit

This module exploits a buffer overflow vulnerability in the OpenBSD kernel; the exploit uses fragmented ICMPv6 packets to take complete control of a target system.

CVE-2007-1365 Exploits/Remote OpenBSD
OpenBSD PF IP Fragment Remote DoS

This module exploits a remote denial-of-service vulnerability in OpenBSD's PF. This issue is due to a flaw in affected kernels that results in a kernel crash when attempting to normalize IP fragments.

CVE-2006-0381 Denial of Service/Remote OpenBSD