[Canvas] D2 Elliot, September 2014
DSquare Security
sales at d2sec.com
Thu Sep 25 18:03:32 EDT 2014
D2 Elliot has been updated with tons of new modules and features. With more
than 30 new web exploits, you now have 400 exploits available in D2 Elliot.
Payloads have been improved, and dedicated VTL payloads for Apache Roller
exploits have been developed.

In this update you will find a powerful workflow to automatically generate
exploits from web vulnerability scanner reports such as IBM Security AppScan.

D2 Elliot Web Exploitation Framework is regularly updated with new exploits
and tools to keep a high level of efficiency. If you need customized exploits
or tools, please contact us at info at d2sec.com

For sales inquiries and orders, please contact sales at d2sec.com
--
DSquare Security, LLC
http://www.d2sec.com

Changelog:

Exploits - Added:
E-371 - pfSense Snort File Disclosure
E-372 - POSH /portal/addtoapplication.php rssurl Parameter SQL Injection
E-373 - vTiger CRM 5.4.0 kcfinder LFI
E-374 - vtiger CRM 5.4.0 get_picklists SQLi
E-375 - vtiger CRM 6.0.0 RCE
E-376 - vtiger CRM 6.0 RC RCE
E-377 - Open Web Analytics Password Reset Page owa_email_address Parameter SQL Injection
E-378 - vTiger CRM 5.4.0 kcfinder File Upload
E-379 - Zabbix api_jsonrpc.php Multiple API Method SQL Injection
E-380 - Joomla 3.2.2 SQL Injection
E-381 - Wordpress Search Everything SQL Injection
E-382 - MediaWiki thumb.php page Parameter Remote Shell Command Injection
E-383 - Apache Roller RCE Linux
E-384 - webERP 4.11.3 SQL Injection
E-385 - AlienVault OSSIM av-centerd Util.pm RCE
E-386 - Dolibarr 3.4.0 SQL Injection
E-387 - PHP-Fusion 7.02.05 downloads.php SQL Injection
E-388 - AlienVault 4.3.1 graph_geoloc2.php SQL Injection
E-389 - AlienVault 4.3.1 radar-iso27001-A11AccessControl-pot.php SQL Injection
E-390 - Tiki Wiki CMS Groupware SQL Injection
E-391 - ManageEngine Desktop Central 8.0.0 File Upload
E-392 - OpenX 2.8.11 SQL Injection
E-393 - ManageEngine Desktop Central 9.0.0 File Upload
E-394 - Pandora FMS 5.0 RC1 RCE
E-395 - Lunar CMS 3.3 File Upload
E-396 - Skybluecanvas 1.1 RCE
E-397 - ManageEngine EventLog Analyzer 9.9 File Upload
E-398 - WordPress MailPoet Newsletters File Upload
E-399 - Asus Wireless-N Gigabit Router Information Disclosure
E-400 - Belink Router Information Disclosure
E-401 - Comtrend Router Information Disclosure
E-402 - Dd-wrt Router Information Disclosure
E-403 - TomatoCart 1.1.8 SQL Injection

Workflows - Added:
W-37 - Parser AppScan
W-38 - Parser Arachni
W-39 - Exploit generator

Payloads - Added:
P-61 - Vtl Directory Listing
P-62 - Vtl Blind Shell Command
P-63 - PHP Immunity Mosdef