VulnDisco Pack Professional is the Immunity CANVAS add-on, it is Canvas Exploitation Pack (CEP) which consists of more than 300 modules targeting unpatched vulnerabilities.
- The richest set of exploits for unpatched vulnerabilities available on the market.
- Targeted on well known software products.
- Client side and server side vulnerabilities.
- Updated once a month.
If within the content refer to Vulndisco Step-Ahead Edition, or we commonly cited as Vulndisco SA Edition, it is intended for companies with special security needs. The content specific mention with Vulndisco Step-Ahead (SA) mean only accessible with that only and not available for Vulndisco Professional. Vulndisco Step-Ahead (SA) Edition, it allows you to be one step ahead of others in the field of security. All modules are provided under the terms of Developer license, it allows you to create patches, workarounds, signatures and use them for commercial needs. Vulndisco Step-Ahead (SA) Edition Features: 1 year of updates and support; Up-to-the-minute information: You will receive all the information being developed for VulnDisco Pack Professional on the earliest stage of development. Some exploit modules from SA never appear in normal VulnDisco Pack Professional; VulnDisco Pack Professional 1-seat Developer license with 1 year of updates and support; ProtoVer testsuite 1-seat license with 1 year of updates and support.
Latest update will be show on the top, while older update will be auto show below. This post will keep update and the post date will follow the latest date, so it will show one post date, rather than multiple post for hassle free reading in one post. This post is about CANVAS Exploitation Pack (CEP) VulnDisco Professional, it need to be use with CANVAS Exploitation Testing Framework. Feel free to contact E-SPIN for product and related matter.
2020-Aug-24 VulnDisco Pack Professional 10.84
New exploits:
vd_bind_tcp – BIND 9.16.5 remote DoS
This bug is particularly interesting, because it could trigger an
assertion and crashed named as long as it has listening TCP port.
Fixed in 9.16.6 though.
bind9_xxx – [0day] BIND 9 remote DoS
This is still 0day, 9.16.6 is vulnerable.
2020-Jun-22 VulnDisco Pack Professional 10.82
New exploits in this version:
vd_zoom – [0day] Zoom exploit
Demo access to Vulndisco Step-Ahead page is available, see SA_DEMO.txt
for more info.
2020-Jun-3 VulnDisco Pack Professional 10.81
New exploits in this version:
vd_slack – [0day] Slack exploit
2019-Jun-5 VulnDisco Pack Professional 10.67
This update contains new WhatsApp 0day exploit.
2019-Feb-11 VulnDisco Pack Professional 10.64
Version 10.64 is out with new Telegram exploit.
2018-Nov-7 VulnDisco Pack Professional 10.62
New version of Vulndisco is out with Telegram exploit.
For more info check out changelog.
2018-Oct-12 VulnDisco Pack Professional 10.61
New version of Vulndisco is out with Signal exploit.
For more info check out changelog.
2018-Sep-3 VulnDisco Pack Professional 10.60
New version of VulnDisco.
There is an interesting Mozilla Thunderbird exploit.
For more info check out Changelog.
2018-Aug-8 VulnDisco Pack Professional 10.59
New version of Vulndisco is out.
It includes MS Outlook exploit.
2018-Jul-31 VulnDisco Pack Professional 10.59
New version of Vulndisco is out.
It includes MS Outlook 0day exploit.
2018-Jun-30 VulnDisco Pack Professional 10.58
New release of VulnDisco 10.58.
It includes Skype and Signal 0day exploits.
2018-May-28 VulnDisco Pack Professional 10.57
New modules in this version:
vd_tg2 – [0day] Telegram exploit
vd_wsup1 – [0day] WhatsApp exploit
2018-May-7 VulnDisco Pack Professional 10.56
New version of VulnDisco is out.
It includes a fully working 0day exploit for Telegram.
2018-Apr-1 VulnDisco Pack Professional 10.55
Decentralized exploits part two.
New version of VulnDisco has 7 new modules.
Most of them are go-ethereum and parity 0days.
2018-Mar-18 VulnDisco Pack 10.54
New release of new version.
It includes several new 0days.
Affected software can be found on Ethereum and Bitcoin mainnets.
2017-Mar-31 VulnDisco Pack Professional 10.41
About ten new Android vulnerabilities in this update.
More info in changelog as usual.
2017-Feb-28 VulnDisco Pack Professional 10.40
New Android and Firefox 51.0.1 overflows in this update.
Minor changes to OpenH264 proof of concept, it will trigger heap
overflow in the latest version again.
2017-Feb-2 VulnDisco Pack Professional 10.39
A lot of cleanup in this version.
Also releasing several new android bugs.
Full details in changelog as usual.
2017-Jan-20 VulnDisco Pack Professional 10.38
New version of VulnDisco is available for download.
There are several interesting Android overflows in this update.
Tested them with the latest android-7.1.1_r10 branch.
2016-Aug-1 VulnDisco Pack Professional 10.32
There are about a dozen new unpublished Android vulnerabilities in this
update.
Some of them look pretty interesting, but this is a story for the next
update.