[Canvas] D2 Elliot, September 2014

DSquare Security sales at d2sec.com
Thu Sep 25 18:03:32 EDT 2014

D2 Elliot has been updated with tons of new modules and features. With more
than 30 new web exploits you have now 400 exploits available in D2 Elliot. 
Payloads have been improved and dedicated VTL payloads for Apache Roller 
exploits have been developed.

In this update you will find a poweful workflow to automatically generate 
exploits from web vulnerability scanner report like IBM Security AppScan.

D2 Elliot Web Exploitation Framework is regularly updated with new exploits 
and tools to keep a high level of efficiency. If you need customized exploits 
or tools please contact us at info at d2sec.com 

For sales inquiries and orders, please contact sales at d2sec.com

DSquare Security, LLC


Exploits - Added:
 E-371 - pfSense Snort File Disclosure
 E-372 - POSH /portal/addtoapplication.php rssurl Parameter SQL Injection
 E-373 - vTiger CRM 5.4.0 kcfinder LFI
 E-374 - vtiger CRM 5.4.0 get_picklists SQLi
 E-375 - vtiger CRM 6.0.0 RCE
 E-376 - vtiger CRM 6.0 RC RCE
 E-377 - Open Web Analytics Password Reset Page owa_email_address Parameter SQL Injection
 E-378 - vTiger CRM 5.4.0 kcfinder File Upload
 E-379 - Zabbix api_jsonrpc.php Multiple API Method SQL Injection
 E-380 - Joomla 3.2.2 SQL Injection
 E-381 - Wordpress Search Everything SQL Injection
 E-382 - MediaWiki thumb.php page Parameter Remote Shell Command Injection
 E-383 - Apache Roller RCE Linux
 E-384 - webERP 4.11.3 SQL Injection
 E-385 - AlienVault OSSIM av-centerd Util.pm RCE
 E-386 - Dolibarr 3.4.0 SQL Injection
 E-387 - PHP-Fusion 7.02.05 downloads.php SQL Injection
 E-388 - AlienVault 4.3.1 graph_geoloc2.php SQL Injection
 E-389 - AlienVault 4.3.1 radar-iso27001-A11AccessControl-pot.php SQL Injection
 E-390 - Tiki Wiki CMS Groupware SQL Injection
 E-391 - ManageEngine Desktop Central 8.0.0 File Upload
 E-392 - OpenX 2.8.11 SQL Injection
 E-393 - ManageEngine Desktop Central 9.0.0 File Upload
 E-394 - Pandora FMS 5.0 RC1 RCE
 E-395 - Lunar CMS 3.3 File Upload
 E-396 - Skybluecanvas 1.1 RCE
 E-397 - ManageEngine EventLog Analyzer 9.9 File Upload
 E-398 - WordPress MailPoet Newsletters File Upload
 E-399 - Asus Wireless-N Gigabit Router Information Disclosure
 E-400 - Belink Router Information Disclosure
 E-401 - Comtrend Router Information Disclosure
 E-402 - Dd-wrt Router Information Disclosure
 E-403 - TomatoCart 1.1.8 SQL Injection
Workflows - Added:
 W-37 - Parser AppScan
 W-38 - Parser Arachni
 W-39 - Exploit generator

Payloads - Added:
 P-61 - Vtl Directory Listing
 P-62 - Vtl Blind Shell Command
 P-63 - PHP Immunity Mosdef

More information about the Canvas mailing list