D2 Elliot Update 20140925 09.25.14


Changelog:

Exploits - Added:
 E-371 - pfSense Snort File Disclosure
 E-372 - POSH /portal/addtoapplication.php rssurl Parameter SQL Injection
 E-373 - vTiger CRM 5.4.0 kcfinder LFI
 E-374 - vtiger CRM 5.4.0 get_picklists SQLi
 E-375 - vtiger CRM 6.0.0 RCE
 E-376 - vtiger CRM 6.0 RC RCE
 E-377 - Open Web Analytics Password Reset Page owa_email_address Parameter SQL Injection
 E-378 - vTiger CRM 5.4.0 kcfinder File Upload
 E-379 - Zabbix api_jsonrpc.php Multiple API Method SQL Injection
 E-380 - Joomla 3.2.2 SQL Injection
 E-381 - Wordpress Search Everything SQL Injection
 E-382 - MediaWiki thumb.php page Parameter Remote Shell Command Injection
 E-383 - Apache Roller RCE Linux
 E-384 - webERP 4.11.3 SQL Injection
 E-385 - AlienVault OSSIM av-centerd Util.pm RCE
 E-386 - Dolibarr 3.4.0 SQL Injection
 E-387 - PHP-Fusion 7.02.05 downloads.php SQL Injection
 E-388 - AlienVault 4.3.1 graph_geoloc2.php SQL Injection
 E-389 - AlienVault 4.3.1 radar-iso27001-A11AccessControl-pot.php SQL Injection
 E-390 - Tiki Wiki CMS Groupware SQL Injection
 E-391 - ManageEngine Desktop Central 8.0.0 File Upload
 E-392 - OpenX 2.8.11 SQL Injection
 E-393 - ManageEngine Desktop Central 9.0.0 File Upload
 E-394 - Pandora FMS 5.0 RC1 RCE
 E-395 - Lunar CMS 3.3 File Upload
 E-396 - Skybluecanvas 1.1 RCE
 E-397 - ManageEngine EventLog Analyzer 9.9 File Upload
 E-398 - WordPress MailPoet Newsletters File Upload
 E-399 - Asus Wireless-N Gigabit Router Information Disclosure
 E-400 - Belink Router Information Disclosure
 E-401 - Comtrend Router Information Disclosure
 E-402 - Dd-wrt Router Information Disclosure
 E-403 - TomatoCart 1.1.8 SQL Injection
 
Workflows - Added:
 W-37 - Parser AppScan
 W-38 - Parser Arachni
 W-39 - Exploit generator

Payloads - Added:
 P-61 - Vtl Directory Listing
 P-62 - Vtl Blind Shell Command
 P-63 - PHP Immunity Mosdef
  			
