[Canvas] D2 Elliot, January 2016

DSquare Security sales at d2sec.com
Sat Jan 16 06:24:21 EST 2016

D2 Elliot has been updated with 26 new web exploits, including 7 0days. 
Now you have more than 500 exploits available in D2 Elliot. Payloads and 
workflows have been improved. 

New workflows are available for Beyond Security AVDS and Acunetix report 
parsing and automatic exploitation. We added more WordPress workflows for 
plugins scanning, user guessing, login bruteforcing and backdooring. 

D2 Elliot Web Exploitation Framework is regularly updated with new exploits 
and tools to keep a high level of efficiency. If you need customized exploits 
or tools please contact us at info at d2sec.com 

For sales inquiries and orders, please contact sales at d2sec.com

DSquare Security, LLC


0days - Added:
 ZE-1 - Site Alpha SamFM Path Disclosure
 ZE-2 - HP Power Manager 4.2 RCE
 ZE-3 - AWCM SQL Injection
 ZE-4 - nuBuilder LFI
 ZE-5 - nuBuilder SQL Injection
 ZE-6 - PhpGedView 4.2.4 LFI
 ZE-7 - nuBuilder RCE

Exploits - Added:
 E-476 - TWiki debugenableplugins RCE
 E-477 - ManageEngine Exchange Reporter Plus 4.7 SQL Injection
 E-478 - WordPress LeagueManager SQL Injection
 E-479 - ManageEngine EventLog Analyzer 10.6 SQL Injection
 E-480 - vBSEO 3.6.0 functions_vbseo_hook.php Referer RCE
 E-481 - Solarwinds Storage Manager ProcessFileUpload.jsp File Upload
 E-482 - vBulletin 5.1 RCE
 E-483 - WordPress Yoast SEO SQL Injection
 E-484 - Zen Cart 1.5.4 LFI
 E-485 - ZeusCart 4.0 SQL Injection
 E-486 - WordPress Google Document Embedder 2.5.14 SQL Injection
 E-487 - HelpDEZk 1.0.1 File Upload
 E-488 - ViArt Shop LFI
 E-489 - TomatoCart 1.1.5 LFI
 E-490 - ManageEngine Desktop Central 9.0.0 FileUploadServlet File Upload
 E-491 - Joomla 1.5.0 to 3.4.5 Object Injection via User-Agent
 E-492 - Magento ShopLift RCE
 E-493 - Joomla Core SQLi list[select]
 E-494 - ManageEngine ServiceDesk Plus 9.1 LFI

Payloads - Added: 
 P-66 - Linux Code Exfiltration
 P-67 - Linux Code Exfiltration (remote)
 P-69 - Linux find writable

Workflows - Added: 
 W-13 - Parser Acunetix
 W-14 - Wordpress persistence
 W-34 - Wordpress module scanner
 W-44 - Wordpress user enumerator
 W-45 - Parser AVDS
 W-47 - MySQL code execution (sysudf)
 W-48 - Wordpress bruteforcer

More information about the Canvas mailing list