[Canvas] D2 Exploitation Pack 1.98, March 3, 2016

DSquare Security sales at d2sec.com
Fri Mar 4 06:17:42 EST 2016

D2 Exploitation Pack 1.98 has been released with 3 new exploits and
2 new tools.

This month we provide you a client side exploit for Fluke Biomedical 
Ansur which has been included in D2 Client Insider and remote exploits
for Exponent CMS and Glassfish.

Also you can find a proc_open() php webshell and a tool to run 
Powershell scripts without powershell.exe. 

D2 Exploitation Pack is updated each month with new exploits and tools.
For customized exploits or tools please contact us at info at d2sec.com.

For sales inquiries and orders, please contact sales at d2sec.com

DSquare Security, LLC


version 1.98 March 3, 2016

canvas_modules - Added : 
- d2sec_exponent2 : Exponent CMS 2.3.7 Remote Code Execution Vulnerability (Web Exploit)
- d2sec_fluke : Fluke Biomedical Ansur ActiveX Control Code Execution Vulnerability (Exploit Windows)
- d2sec_glassfish : Glassfish Remote Code Exec with Path Traversal Vulnerability (Web Exploit)

canvas_modules - Updated :
- d2sec_clientinsider updated with new exploit

d2sec_modules - Added :
- d2sec_psp : Tool to run Powershell scripts without powershell.exe (Tool Windows)
- d2sec_phpshell :
  - d2sec_proc_open.php : proc_open() php webshell

More information about the Canvas mailing list