D2 Elliot Update 20160115 01.15.16


Changelog:

0days - Added:
 ZE-1 - Site Alpha SamFM Path Disclosure
 ZE-2 - HP Power Manager 4.2 RCE
 ZE-3 - AWCM SQL Injection
 ZE-4 - nuBuilder LFI
 ZE-5 - nuBuilder SQL Injection
 ZE-6 - PhpGedView 4.2.4 LFI
 ZE-7 - nuBuilder RCE

Exploits - Added:
 E-476 - TWiki debugenableplugins RCE
 E-477 - ManageEngine Exchange Reporter Plus 4.7 SQL Injection
 E-478 - WordPress LeagueManager 3.9.1.1 SQL Injection
 E-479 - ManageEngine EventLog Analyzer 10.6 SQL Injection
 E-480 - vBSEO 3.6.0 functions_vbseo_hook.php Referer RCE
 E-481 - Solarwinds Storage Manager ProcessFileUpload.jsp File Upload
 E-482 - vBulletin 5.1 RCE
 E-483 - WordPress Yoast SEO 1.7.3.3 SQL Injection
 E-484 - Zen Cart 1.5.4 LFI
 E-485 - ZeusCart 4.0 SQL Injection
 E-486 - WordPress Google Document Embedder 2.5.14 SQL Injection
 E-487 - HelpDEZk 1.0.1 File Upload
 E-488 - ViArt Shop LFI
 E-489 - TomatoCart 1.1.5 LFI
 E-490 - ManageEngine Desktop Central 9.0.0 FileUploadServlet File Upload
 E-491 - Joomla 1.5.0 to 3.4.5 Object Injection via User-Agent
 E-492 - Magento ShopLift RCE
 E-493 - Joomla Core SQLi list[select]
 E-494 - ManageEngine ServiceDesk Plus 9.1 LFI

Payloads - Added: 
 P-66 - Linux Code Exfiltration
 P-67 - Linux Code Exfiltration (remote)
 P-69 - Linux find writable

Workflows - Added: 
 W-13 - Parser Acunetix
 W-14 - Wordpress persistence
 W-34 - Wordpress module scanner
 W-44 - Wordpress user enumerator
 W-45 - Parser AVDS
 W-47 - MySQL code execution (sysudf)
 W-48 - Wordpress bruteforcer
  			
