[Canvas] D2 Elliot 1.6, September 14 2016

DSquare Security sales at d2sec.com
Wed Sep 14 18:51:05 EDT 2016

D2 Elliot has been updated with 28 new web exploits including 2 0days. 
Now you have 550 exploits available in D2 Elliot. Payloads and workflows 
have also been improved. 

The main 0day in this release is dedicated to SPIP CMS. With this exploit
you'll be able to get remote command execution with a simple author account.

D2 Elliot Web Exploitation Framework is regularly updated with new exploits 
and tools to keep a high level of efficiency. If you need customized exploits 
or tools please contact us at info at d2sec.com 

For sales inquiries and orders, please contact sales at d2sec.com

DSquare Security, LLC


0days - Added:
 ZE-15 - SPIP 3.0 Author to RCE
 ZE-16 - Plici File Upload

Exploits - Added:
 E-515 - Tiki Wiki CMS 15.0 LFI
 E-516 - Tiki Wiki CMS 15.1 Upload
 E-517 - Open-Letters 1.0.5 RCE
 E-518 - IPS Community Suite RCE
 E-519 - Oracle Application Testing Suite File Upload
 E-520 - Joomla Component com_publisher SQL Injection
 E-521 - Joomla Component com_services SQL Injection
 E-522 - Drupal RESTful Web Services RCE
 E-523 - Joomla Component com_branch 3.0 SQL Injection
 E-524 - Joomla Component com_forms 1.3.1 SQL Injection
 E-525 - Joomla Component com_bt_media SQL Injection
 E-526 - Joomla Component com_guru SQL Injection
 E-527 - Drupal Coder RCE
 E-528 - Apache Continuum 1.4.2 RCE
 E-529 - Vanderbilt IP-Camera File Disclosure
 E-530 - Joomla Component com_registrationpro 3.2.12 SQL Injection
 E-531 - Joomla Component com_enmasse SQL Injection
 E-532 - SugarCRM 6.5.18 RCE
 E-533 - Drupal WikiWiki SQL Injection
 E-534 - Tiki Wiki CMS Groupware tiki-calendar.php RCE
 E-535 - VideoIQ Camera File Disclosure
 E-536 - Elasticsearch < 1.6.1 LFI
 E-537 - Oracle Glassfish Server Directory Traversal
 E-538 - 2wire Gateway Authentication Bypass
 E-539 - 3Com Router Password Disclosure
 E-540 - Zimbra iCollaboration Server LFI

More information about the Canvas mailing list