[Canvas] Agora 2.39, SCADA 1.38 are out.

Yuriy Gurkin audit at gleg.net
Mon Nov 3 09:58:55 EST 2014


Hi list,
Agora 2.39 contains 0day joomla plugins vulns along with Symantec Endpoint
Protection module (cve listed). List:
- Joomla Spider Form Maker <= v.3.4 - index.php Blind Time-based SQL
Injection. 0day
- JOOMLA (v2.5) HD FLV Player <= v2.0 - File Download. 0day
- JOOMLA (v2.5) HD FLV Player <= v2.0 - SQL Injection. 0day
- Joomla Spider video player 2.8.3 - Blind SQL Injection. 0day
[def]:
ag_Symantec_Endpoint_Protection - Symantec Endpoint Protection 11.x, 12.x -
Kernel Pool Overflow. CVE-2014-08-05

SCADA 1.38 contains 3 [0days] for SCADAs and additional network equipment
module:
 - Emerson ROCLINK800 arpro2.dll ActiveX Control Remote Code Execution
Vulnerability [0-day]
- FANUC OlpcPRO Directory Traversal Vulnerability [0-day]
- NOVUS NConfig 1.3.3 [0-Day]
[netdev]:
- D-Link DIR-300 DIR-600 DIR-615 routers Password Recovery. public

Regards,
Agora and SCADA GLEG ltd's development team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/canvas/attachments/20141103/07d793f3/attachment.html>


More information about the Canvas mailing list