[Canvas] D2 Exploitation Pack 1.80, September 4 2014

DSquare Security sales at d2sec.com
Thu Sep 4 18:50:18 EDT 2014

D2 Exploitation Pack 1.80 has been released with 2 new exploits and 
2 new tools.

This month we provide you a remote code execution exploit for HP Data 
Protector and a client side exploit for Tom Sawyer ActiveX.

Also you can find a new tool to mount a FUSE-based filesystem via 
DNS and an Apache Axis2 backdoor.

D2 Exploitation Pack is updated each month with new exploits and tools.
For customized exploits or tools please contact us at info at d2sec.com.

For sales inquiries and orders, please contact sales at d2sec.com

DSquare Security, LLC


version 1.80 Sept 04, 2014

canvas_modules - Added : 
- d2sec_hpdp3 : HP Data Protector Backup Client Service EXEC_BAR Remote Command Execution Vulnerability (Exploit Windows)
- d2sec_tomsawyer : Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability (Exploit Windows)

canvas_modules - Updated :
- d2sec_clientinsider updated with new exploit

d2sec_modules - Added :
- d2sec_axis_ws : Apache Axis2 backdoor service (Post-intrusion Tool)
- d2sec_dnsfs : FUSE-based filesystem that uses DNS request to mount a remote directory on a local machine (Tools Linux)

More information about the Canvas mailing list