[Canvas] D2 Exploitation Pack 1.49, February 1 2012

DSquare Security sales at d2sec.com
Wed Feb 1 15:22:18 EST 2012

D2 Exploitation Pack 1.49 has been released with 5 new exploits.

This month we provide you a new client side exploit for Novell Zenworks which
has been added to D2 Client Insider. The remote exploits of this release are 
for Struts (two different exploits) and Zope/Plone.

Also, you will find a Linux kernel privilege escalation exploit (included in 

D2 Exploitation Pack is updated each month with new exploits and tools.
For customized exploits or tools please contact us at info at d2sec.com.

For sales inquiries and orders, please contact sales at d2sec.com

DSquare Security, LLC


version 1.49 February 1, 2012

canvas_modules - Added
- d2sec_launchhelp : Novell Zenworks Software Packaging LaunchHelp.dll ActiveX Control Remote Code Execution Vulnerability (Exploit Windows)
- d2sec_zopeplone : Zope/Plone Remote Code Execution Vulnerability (Web Exploit)
- d2sec_struts2 :  Apache Struts2 (DebuggingInterceptor) remote command execution vulnerability (Web Exploit)
- d2sec_struts3 :  Apache Struts2 (ParametersInterceptor) remote command execution vulnerability (Web Exploit)
- d2sec_kernvuln :
  -> add Linux Local Privilege Escalation via SUID /proc/pid/mem Vulnerability

canvas_modules - Updated
- d2sec_clientinsider updated with new exploit

More information about the Canvas mailing list