[Canvas] Agora pack 2.32 ; SCADA pack 1.32 are out !
Yuriy Gurkin
audit at gleg.net
Fri Mar 7 11:09:11 EST 2014
Hi list,
Agora 2.32 version contains following new modules for iOS and windows
systems:
- FileMaster SY-IT v3.1 iOS Local File Inclusion. [0-Day].
- PHP-Nuke 8.2.4 File Inclusion. SOJOBO-ADV-13-04
MyBB <= 1.6.11 - Remote Code Execution Using Admin Privileges.
- Chamilo LMS 1.9.6 SQL Injection. CVE-2013-6787
- AjaXplorer Directory traversal vulnerability. CVE-2013-5688
- MediaWiki <= 1.22.1 PdfHandler Remote Code Execution. CVE-2014-1610
SCADA 1.32 update contains pretty interesting 0days, including one for iOS
scada system! List:
- ScadaMobile ONE v2.5.2 Directory Traversal Vulnerability [0Day]
- Ecava IntegraXor <= 4.1.4380 - Denial of Service. ICSA-14-016-01
- Delta Electronics Buffer Overflow Exploit [0Day]
- Advantech WebAccess ActiveX ProjectName() exploit [0Day]
- Ecava IntegraXor SCADA <= 4.1.4380 Information leak. [0Day]
Two new videos are also available on https://vimeo.com/user7532837
Happy hunting!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/canvas/attachments/20140307/cece2a27/attachment.html>
More information about the Canvas
mailing list