[Canvas] D2 Exploitation Pack 1.70, November 4 2013

DSquare Security sales at d2sec.com
Thu Nov 7 17:02:43 EST 2013

D2 Exploitation Pack 1.70 has been released with 5 new exploits and 
one new tool.

This month we provide you two remote code execution exploits for
HP PCM+ SNAC Registration Server and one client side exploit for
Indusoft Thin Client.

Also you can find two new exploits for pwnrouter and a tool to 
bruteforce default accounts on AS400 ftpd.

D2 Exploitation Pack is updated each month with new exploits and tools.
For customized exploits or tools please contact us at info at d2sec.com.

For sales inquiries and orders, please contact sales at d2sec.com

DSquare Security, LLC


version 1.70 Nov 4, 2013

canvas_modules - Added :
- d2sec_hppcm : HP PCM+ SNAC Registration Server UpdateCertificatesServlet Remote Code Execution Vulnerability (Web Exploit)
- d2sec_hppcm2 : HP PCM+ SNAC Registration Server UpdateDomainControllerServlet Remote Code Execution Vulnerability (Web Exploit)
- d2sec_indusoft : Indusoft Thin Client 7.1 ActiveX Buffer Overflow Vulnerability (Exploit Windows)
- d2sec_as400_ftpd_default_accounts : AS400 Ftpd Default Accounts Bruteforcer (Tool)
- d2sec_pwnrouter :
  - Backdoor D-LINK Vulnerability
  - Pirelli Discus Password Disclosure Vulnerability
  - GUI improvments  

canvas_modules - Updated :
- d2sec_clientinsider updated with new exploit
- d2sec_passdisclo updated with CVE-2013-0337 - Nginx log files before 1.3.14 

More information about the Canvas mailing list