[Canvas] D2 Elliot, January 2016
DSquare Security
sales at d2sec.com
Sat Jan 16 06:24:21 EST 2016
D2 Elliot has been updated with 26 new web exploits, including 7 0days.
Now you have more than 500 exploits available in D2 Elliot. Payloads and
workflows have been improved.

New workflows are available for Beyond Security AVDS and Acunetix report
parsing and automatic exploitation. We added more WordPress workflows for
plugin scanning, user guessing, login bruteforcing and backdooring.

D2 Elliot Web Exploitation Framework is regularly updated with new exploits
and tools to keep a high level of efficiency. If you need customized exploits
or tools, please contact us at info at d2sec.com.

For sales inquiries and orders, please contact sales at d2sec.com.
--
DSquare Security, LLC
http://www.d2sec.com
Changelog:
0days - Added:
ZE-1 - Site Alpha SamFM Path Disclosure
ZE-2 - HP Power Manager 4.2 RCE
ZE-3 - AWCM SQL Injection
ZE-4 - nuBuilder LFI
ZE-5 - nuBuilder SQL Injection
ZE-6 - PhpGedView 4.2.4 LFI
ZE-7 - nuBuilder RCE
Exploits - Added:
E-476 - TWiki debugenableplugins RCE
E-477 - ManageEngine Exchange Reporter Plus 4.7 SQL Injection
E-478 - WordPress LeagueManager 3.9.1.1 SQL Injection
E-479 - ManageEngine EventLog Analyzer 10.6 SQL Injection
E-480 - vBSEO 3.6.0 functions_vbseo_hook.php Referer RCE
E-481 - Solarwinds Storage Manager ProcessFileUpload.jsp File Upload
E-482 - vBulletin 5.1 RCE
E-483 - WordPress Yoast SEO 1.7.3.3 SQL Injection
E-484 - Zen Cart 1.5.4 LFI
E-485 - ZeusCart 4.0 SQL Injection
E-486 - WordPress Google Document Embedder 2.5.14 SQL Injection
E-487 - HelpDEZk 1.0.1 File Upload
E-488 - ViArt Shop LFI
E-489 - TomatoCart 1.1.5 LFI
E-490 - ManageEngine Desktop Central 9.0.0 FileUploadServlet File Upload
E-491 - Joomla 1.5.0 to 3.4.5 Object Injection via User-Agent
E-492 - Magento ShopLift RCE
E-493 - Joomla Core SQLi list[select]
E-494 - ManageEngine ServiceDesk Plus 9.1 LFI
Payloads - Added:
P-66 - Linux Code Exfiltration
P-67 - Linux Code Exfiltration (remote)
P-69 - Linux find writable
Workflows - Added:
W-13 - Parser Acunetix
W-14 - Wordpress persistence
W-34 - Wordpress module scanner
W-44 - Wordpress user enumerator
W-45 - Parser AVDS
W-47 - MySQL code execution (sysudf)
W-48 - Wordpress bruteforcer