[Canvas] Agora 2.42, SCADA+ 1.42, MedPack 1.3 are out !
Yuriy Gurkin
audit at gleg.net
Fri Mar 13 10:28:52 EDT 2015
Hi list,
1.
Our new Medical exploits package - MedPack is updated with two 0days:
- Fluke Biomedical Ansur ActiveX allowing Remote Code Execution [0-day]
- MaxSystems Inc ActiveX Remote Arbitrary File Deletion Vulnerability
[0-day]
***********
2.
SCADA+ is updated with four 0days, including excellent Mango automation
exploit allowing administrative credentials retrieving.
video available here https://vimeo.com/user7532837/videos
- B&B Electronics Vlinx ConnectPro Manager DoS [0-Day]
- Events SCADA HMI <= v.8.58 - reveals sensitive info [0-Day]
- Mango Automation get login and password list [0-Day]
- Panasonic Configurator DL DoS PoC [0-Day]
3. Agora contains fresh new modules for web software and one 0day;
- MantisBT <= v1.2.17 - SQL Injection
-SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
[0-day]
- WordPress Revolution Slider Local File Disclosure Vulnerability
- Wordpress Theme Divi Arbitrary File Download Vulnerability
Happy Hunting!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/canvas/attachments/20150313/0627dfbb/attachment.html>
More information about the Canvas
mailing list