[Canvas] D2 Exploitation Pack 2.05, October 4, 2016

DSquare Security sales at d2sec.com
Tue Oct 4 13:59:22 EDT 2016

D2 Exploitation Pack 2.05 has been released with 3 new exploits and 2 new 

This month we provide you three remote exploits for Drupal Coder, SugarCRM and

Also you can find a tool to detect Elasticsearch version and another one to try
to find the source code of a website via Git. 

D2 Exploitation Pack is updated each month with new exploits and tools.
For customized exploits or tools please contact us at info at d2sec.com.

For sales inquiries and orders, please contact sales at d2sec.com

DSquare Security, LLC


version 2.05 Oct 4, 2016

canvas_modules - Added : 
- d2sec_drupalcoder : Drupal Coder Remote Code Execution Vulnerability (Web Exploit)
- d2sec_sugarcrm : SugarCRM Remote Code Execution Vulnerability (Web Exploit)
- d2sec_elasticsearch_getversion : Elasticsearch Version Tool (Recon) 

d2sec_modules - Added:
- d2sec_git_toolbox :
  - d2sec_git_exposed : Tool to have the source of a website
  - d2sec_gitlist_rce : Gitlist <= 0.4.0 RCE Vulnerability

d2sec_modules - Updated:
- d2sec_git is moved to d2sec_git_toolbox

More information about the Canvas mailing list