From sales at d2sec.com Fri Mar 1 23:44:06 2019
From: sales at d2sec.com (DSquare Security)
Date: Fri, 01 Mar 2019 23:44:06 -0000
Subject: [Canvas] D2 Exploitation Pack 2.34, March 1, 2019
Message-ID: <20190302002355.GA6159@d2sec.com.theplanet.host>

D2 Exploitation Pack 2.34 has been released with 4 new exploits.

This month we provide you a remote exploit for Crestron and Xdebug. We also
added one new exploit to pwnrouter.

Don't forget to follow us: https://twitter.com/d2sec

D2 Exploitation Pack is updated each month with new exploits and tools.
For customized exploits or tools please contact us at info at d2sec.com.

For sales inquiries and orders, please contact sales at d2sec.com

--
DSquare Security, LLC
Website: https://www.d2sec.com
Twitter: https://twitter.com/d2sec
YouTube: https://www.youtube.com/user/dsquaresecurity

Changelog:

version 2.34 March 1, 2019
------------------------------

canvas_modules - Added:

- d2sec_crestron: Crestron AM-100 Remote Command Execution Vulnerability
- d2sec_xdebug: Xdebug Remote Code Execution Vulnerability
- d2sec_pwnrouter:
    d2sec_crestron_1: Crestron AM-100 Path Traversal Vulnerability
    d2sec_cisco_5: Cisco ASA Configuration Export Vulnerability

From sales at d2sec.com Sun Mar 31 20:23:01 2019
From: sales at d2sec.com (DSquare Security)
Date: Sun, 31 Mar 2019 15:23:01 -0500
Subject: [Canvas] D2 Exploitation Pack 2.35, April 1, 2019
Message-ID: <20190331202301.GA10628@d2sec.com.theplanet.host>

D2 Exploitation Pack 2.35 has been released with 4 new exploits.

This month we provide you a remote exploit for OpenMRS and elFinder. We also
added two new exploits to pwnrouter.

Don't forget to follow us: https://twitter.com/d2sec

D2 Exploitation Pack is updated each month with new exploits and tools.
For customized exploits or tools please contact us at info at d2sec.com.

For sales inquiries and orders, please contact sales at d2sec.com

--
DSquare Security, LLC
Website: https://www.d2sec.com
Twitter: https://twitter.com/d2sec
YouTube: https://www.youtube.com/user/dsquaresecurity

Changelog:

version 2.35 April 1, 2019
------------------------------

canvas_modules - Added:

- d2sec_openmrs2: OpenMRS Remote Code Execution Vulnerability
- d2sec_elfinder: elFinder Remote Code Execution Vulnerability
- d2sec_pwnrouter:
    d2sec_technicolor_2: Technicolor Credentials Disclosure Vulnerability
    d2sec_dlink_26: D-Link DCM-604 Credentials Disclosure Vulnerability

From audit at gleg.net Mon Mar 25 19:37:37 2019
From: audit at gleg.net (Yuriy Gurkin)
Date: Mon, 25 Mar 2019 19:37:37 -0000
Subject: [Canvas] Agora pack 2.87 is out
Message-ID:

Hi, List,

2.87 ver. of Agora contains 4 modules.

List:
- Core FTP 2.0 build 653 Denial of Service [1day]
- Embarcadero CodeGear Socket Server Denial Of Service [1day]
- Ebrigade ERP 4.5 Error-based SQL Injection. CVE-2019-5893
- MarcomCentral FusionPro VDP Creator 9.x Directory Traversal. CVE-2019-7751

Happy pentesting,
Gleg's Security team

Follow us on Twitter: GlegExploitPack

From audit at gleg.net Mon Mar 25 19:34:47 2019
From: audit at gleg.net (Yuriy Gurkin)
Date: Mon, 25 Mar 2019 19:34:47 -0000
Subject: [Canvas] DefPack pack 1.41 is out
Message-ID:

Hi, List,

1.41 ver. of DefPack contains 3 modules.

List:
- Apache Jetspeed v.2.3.0 Remote Code Execution Vulnerability CVE-2016-0710
- Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure CVE-2017-10309
- BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution ZSL-2019-5512

Happy pentesting,
Gleg's Security team

Follow us on Twitter: GlegExploitPack

From audit at gleg.net Mon Mar 25 19:21:09 2019
From: audit at gleg.net (Yuriy Gurkin)
Date: Mon, 25 Mar 2019 19:21:09 -0000
Subject: [Canvas] SCADA+ pack 1.88 is out
Message-ID:

Hi, List,

1.88 ver. of SCADA+ contains 5 modules.

List:
- Delta Industrial Automation COMMGR <=1.08 Stack-based Buffer Overflow Remote Code Execution. CVE-2018-10594
- Inductive Automation Ignition 7.5.4 Blind SQL Injection. [1Day]
- LeCroy EasyScope cwui.ocx LabWindows/CVI, LabVIEW, and other products ActiveX Control ExportStyle Method Remote Code Execution Vulnerability. [1Day]
- Newport Electronics iDRX ActiveX 1.3 ActiveX Control Remote File Overwrite Vulnerability [1Day]
- Schneider Electric SEIG Modbus 3.4 Denial of Service Denial of Service. CVE 2013-0662

Happy pentesting,
Gleg's Security team

Follow us on Twitter: GlegExploitPack