[Canvas] D2 Elliot 1.6, September 14 2016
DSquare Security
sales at d2sec.com
Wed Sep 14 18:51:05 EDT 2016
D2 Elliot has been updated with 28 new web exploits including 2 0days.
Now you have 550 exploits available in D2 Elliot. Payloads and workflows
have also been improved.
The main 0day in this release is dedicated to SPIP CMS. With this exploit
you'll be able to get remote command execution with a simple author account.
D2 Elliot Web Exploitation Framework is regularly updated with new exploits
and tools to keep a high level of efficiency. If you need customized exploits
or tools please contact us at info at d2sec.com
For sales inquiries and orders, please contact sales at d2sec.com
--
DSquare Security, LLC
http://www.d2sec.com
Changelog:
0days - Added:
ZE-15 - SPIP 3.0 Author to RCE
ZE-16 - Plici File Upload
Exploits - Added:
E-515 - Tiki Wiki CMS 15.0 LFI
E-516 - Tiki Wiki CMS 15.1 Upload
E-517 - Open-Letters 1.0.5 RCE
E-518 - IPS Community Suite RCE
E-519 - Oracle Application Testing Suite 12.4.0.2.0 File Upload
E-520 - Joomla Component com_publisher SQL Injection
E-521 - Joomla Component com_services SQL Injection
E-522 - Drupal RESTful Web Services RCE
E-523 - Joomla Component com_branch 3.0 SQL Injection
E-524 - Joomla Component com_forms 1.3.1 SQL Injection
E-525 - Joomla Component com_bt_media SQL Injection
E-526 - Joomla Component com_guru SQL Injection
E-527 - Drupal Coder RCE
E-528 - Apache Continuum 1.4.2 RCE
E-529 - Vanderbilt IP-Camera File Disclosure
E-530 - Joomla Component com_registrationpro 3.2.12 SQL Injection
E-531 - Joomla Component com_enmasse SQL Injection
E-532 - SugarCRM 6.5.18 RCE
E-533 - Drupal WikiWiki SQL Injection
E-534 - Tiki Wiki CMS Groupware tiki-calendar.php RCE
E-535 - VideoIQ Camera File Disclosure
E-536 - Elasticsearch < 1.6.1 LFI
E-537 - Oracle Glassfish Server Directory Traversal
E-538 - 2wire Gateway Authentication Bypass
E-539 - 3Com Router Password Disclosure
E-540 - Zimbra iCollaboration Server LFI
More information about the Canvas
mailing list