E-SPIN pleased to announce Core Security official release of Core Impact Pro 2016 R1.2. More than 46 updates have been added thus far, and are available through the regular update channel for all Core Impact customers who have upgraded to the latest version. The team has been working on several privilege escalations, a number of remote exploits for widely deployed software, and numerous enhancements. This release includes:
- 14 remote exploits, including modules for Drupal, JBoss, OracleDB, phpMyAdmin and Ruby on Rails.
- 7 client side exploits, including modules for Microsoft Internet Explorer and Wireshark.
- 5 local exploits, with 4 modules targeting Microsoft Windows and 1 targeting Linux.
- Enhancements for numerous exploits.
- Updates in the CVE association to our exploits.
- Updates to our Metasploit Integration.
- Several general updates.
Here is the complete list of published modules: Remote Exploits
- ActiveMQ STOMP Protocol Unsafe Deserialization Exploit
- Cisco Prime Infrastructure Java Object Deserialization Remote Code Execution Exploit
- Disk Pulse Enterprise Server POST Request Buffer Overflow Exploit
- Drupal RESTWS Module PHP Remote Command Injection Exploit
- Eaton ELCSoft ELCSimulator Buffer Overflow Exploit
- JBoss EJBInvokerServlet Java Deserialization Vulnerability Remote Code Execution Exploit
- OpenNMS Platform Java Object Deserialization Remote Code Execution Exploit
- OracleDB DBMS AW.EXECUTE CDA Command Remote Stack Overflow Exploit Update
- OracleDB TNS Listener Remote Poisoning Vulnerability Exploit Update
- phpMyAdmin Post Auth Remote Code Exploit
- Ruby on Rails Action Pack Inline Exec Exploit
- SugarCRM REST Unserialize PHP Exploit
- Reprise License Manager akey Buffer Overflow Vulnerability
- WebNMS Framework Server Arbitrary File Upload Vulnerability Exploit
Client Side Exploits
- IBM Lotus Quickr For Domino qp2 ActiveX Control Heap Overflow Exploit Update
- Microsoft Internet Explorer Typed Array Detached ArrayBuffer Use-After-Free Exploit (MS16-063)
- Microsoft Windows CreateSizedDIBSECTION Thumbnail View Buffer Overflow Exploit Update
- Microsoft Windows WPAD BadTunnel Exploit (MS16-077)
- Rockwell Automation Connected Components Workbench Arbitrary Write Exploit
- Schneider Electric SoMachine HVAC AxEditGrid ActiveX Exploit
- Wireshark riched20 DLL Hijacking Exploit
Local Exploits
- Linux Kernel netfilter target_offset Privilege Escalation Exploit
- Microsoft Windows MRXDAV.SYS WebDav Privilege Escalation Exploit (MS16-016)
- Microsoft Windows xxxInsertMenuItem Out-Of-Bounds Exploit (MS16-098)
- Samsung Security Manager Apache Felix Gogo Vulnerability Local Privilege Escalation Exploit
- Symantec Endpoint Manager PowerPoint Misaligned Stream-Cache Privilege Escalation Exploit
Maintenance
- CVE Database Update
- Identity Verifiers Update
- Imports Update
- Install Agent using ssh Update
- Metasploit Integration Update
- Runtime Obfuscation for Adobe Flash Exploits
- Supported services list update
For more information on Core Impact Pro 2016 R1.2 please contact E-SPIN for your requirement.