[Canvas] New SCADA+ and AGORA releases available.
Yuriy Gurkin
audit at gleg.net
Tue Jan 17 15:34:05 EST 2012
Hello all,
New things in the beginning of this 2012 year are:
SCADA+:
Two fresh 0days for GE Fanuc and Broadwin\Advantech WebAccess, plus
two 'old' 0days for Carel Plant Visor Pro (those were available
previously in professional SCADA+ version).
Modules allow for sensitive information retrieving, such as SCADA
users or admins names, database admin password hashes, configuration
files.
- Ge Fanuc Real Time Portal v 3.0 SP1 sensitive information disclosure [0day]
- Broadwin\Advantech WebAccess v7.0 sensitive information disclosure [0day]
- Carel Plant Visor Pro critical information disclosure [0day]
- Carel Plant Visor Pro critical information disclosure [0day]
Agora:
0day DoS for TrendMicro along with modules for fresh and well known web stuff:
- CommonSense CMS script Remote PHP shell uploader
- ag_hitAppoint_sqli <= 4.5.17 SQL Injection
- phpMyDirectory v1.3.2,v1.3.3 SQL Injection
- [0day] TrendMicro Control Manager CmdProcessor.exe DoS.
More information about the Canvas
mailing list