[Canvas] D2 Exploitation Pack 1.96, January 5, 2015

DSquare Security sales at d2sec.com
Tue Jan 5 17:20:15 EST 2016

D2 Exploitation Pack 1.96 has been released with two new exploits and 
two new tools.

This month we provide you a remote exploit for ManageEngine Desktop 
Central and a client side exploit for Schneider Electric ProClima which 
has been included in D2 Client Insider.

Also you can find a tool to extract urls from index page and another one
to export databases from a MongoDB server.

D2 Exploitation Pack is updated each month with new exploits and tools.
For customized exploits or tools please contact us at info at d2sec.com.

For sales inquiries and orders, please contact sales at d2sec.com

DSquare Security, LLC


version 1.96 January 5, 2016

canvas_modules - Added :
- d2sec_desktopcentral3 : ManageEngine Desktop Central 9.0.0 FileUploadServlet File Upload Remote Code Execution Vulnerability (Web Exploit)
- d2sec_f1book : Schneider Electric ProClima F1BookView ActiveX Remote Code Execution Vulnerability (Exploit Windows)
- d2sec_extracturl : Tool to extract and to test urls from a index webpage (Tools)

canvas_modules - Updated :
- d2sec_clientinsider updated with new exploit

d2sec_modules - Added:
- d2sec_mongodb_scraper : Tool to list and to export databases from MongoDB servers (Tools)

More information about the Canvas mailing list