D2 Elliot Update 20140326 03.26.14


Changelog:

Exploits - Added:
 E-2 - Apache-Struts < 2.2.0 RCE Windows
 E-30 - Apache-Struts < 2.2.0 RCE Linux
 E-70 - Apache-Struts DebuggingInterceptor < 2.2.3.1 RCE Windows
 E-77 - Apache-Struts DebuggingInterceptor < 2.2.3.1 RCE Linux
 E-145 - Apache-Struts < 2.3.1.1 RCE Windows
 E-192 - Apache-Struts < 2.3.1.1 RCE Linux
 E-319 - Apache-Struts <= 2.3.14.1 RCE
 E-335 - Xibo 1.4.1 LFI
 E-336 - PineApp Mail-SeCure 3.70 livelog.html RCE
 E-337 - Sophos Web Protection Appliance 3.8.1 RCE
 E-338 - GLPI 0.84.1 RCE
 E-343 - SPIP ecran_securite connect Parameter RCE
 E-346 - Bilboplanet SQLi via auth
 E-347 - Pydio File Upload
 E-348 - Apache Roller OGNL Injection
 E-339 - Apache-Struts Showcase < 2.3.14.1 RCE Linux
 E-340 - Apache-Struts IncludeParams < 2.3.14.2 RCE Linux
 E-341 - Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux
 E-342 - Apache-Struts ExceptionDelegator < 2.3.1.1 RCE Linux
 E-343 - HP PCM+ SNAC Registration Server UpdateCertificatesServlet File Upload
 E-344 - HP PCM+ SNAC Registration Server UpdateDomainControllerServlet File Upload
 E-345 - BigTree CMS 4.0 RC2 SQL Injection
 E-350 - Nuked-klaN 1.7.7 / SP4.4 SQL injection
 E-351 - Wordpress WP-FileManager 1.3.0 File Disclosure
 E-352 - Apache-Struts2 DevMode RCE Linux
 E-353 - Ginkgo CMS 5.0 SQL Injection
 E-354 - vBulletin 4.1.x RCE
 E-355 - HP SiteScope issueSiebelCmd 11.20 RCE
 E-356 - vBulletin 5.x Remote Administrator Injection
 E-357 - HP SiteScope runOMAgentCommand 11.20 RCE
 E-358 - TomatoCart 1.1.8 LFI
 E-359 - HP Intelligent Management Center BIMS UploadServlet File Upload
 E-361 - AdRotate library/clicktracker.php track Parameter SQL Injection
 E-362 - W3 Total Cache Plugin Remote Code Execution
 E-363 - Sophos Web Protection Appliance 3.7.8.1 File Disclosure
 E-364 - glFusion SQL Injection
 E-365 - Seportal 2.5 SQLi
 E-366 - vtiger CRM 5.4.0 SQLi
 E-367 - Joomla 3.2.1 SQL Injection
 E-368 - vtiger CRM 5.4.0 File Upload
 E-369 - appRain 3.0.2 SQL Injection
 E-370 - Sophos Web Protection Appliance 3.7.8.1 RCE

Workflows - Added:
 W-33 - SPIP usernames enumeration
 W-34 - Wordpress modules bruteforcer
 W-35 - Struts to RCE
 W-36 - Typo3 extensions bruteforcer

Payloads - Addes:
 P-53 - Ognl Blind Shell Command
 P-54 - Ognl Shell Command
 P-55 - Ognl File Upload
 P-56 - Ognl File Delete
 P-57 - Ognl Web Path Disclosure
 P-58 - Powershell based credentials dumper
 P-59 - PHP Upload Gate no alphanumeric
			

Back to Updates

Share :   Facebook   Twitter   Google+