From canvas at immunityinc.com Mon Apr 15 17:13:11 2019
From: canvas at immunityinc.com (Immunity CANVAS)
Date: Mon, 15 Apr 2019 19:13:11 +0200
Subject: [Canvas] CANVAS 7.22 released
Message-ID:

########################################################################
#                       *CANVAS Release 7.22*                          #
########################################################################

*Date*: 15 April 2019
*Version*: 7.22
*Download URL*: https://canvas.immunityinc.com/getcanvas
*Video URL*: https://vimeo.com/319506545/700df0f25d

*Release Notes*:

In this CANVAS release we are bringing you 9 new modules and bugfixes.

Our new modules include the SPECTRE exploit for Windows, two privilege
escalation modules targeting Windows and Linux (Ubuntu), four remote
code execution modules targeting Drupal, ColdFusion, Struts 2 and Exim,
and two command modules able to retrieve a domain name (domainname) and
credentials (getwindowscredentials) for a given Windows target.

==Changes==

o CommandLineExecuter fixes
o linux installer fixes (add missing components)
o win32 mosdef fixes (cleanup on disconnection)
o AddNullShare improvements
o AddUser 64bit support
o jenkins_xstream_rce fixes
o FileSystem Browser fixes

==New Modules==

o spectre_sam_leak (CVE-2017-5753)
o setimeinfoex_lpe (CVE-2018-8120)
o snapd_uid_overwrite (CVE-2019-7304)
o drupal_services_rce (CVE-2019-6340)
o coldfusion_rce (CVE-2018-15957)
o struts2_default_action_mapper (CVE-2013-2251)
o exim_heap_overflow (CVE-2018-6789)
o getwindowscredentials
o domainname

########################################################################
########################################################################

From audit at gleg.net Fri Apr 26 12:54:05 2019
From: audit at gleg.net (Yuriy Gurkin)
Date: Fri, 26 Apr 2019 12:54:05 -0000
Subject: [Canvas] Agora pack 2.88 is out
Message-ID:

Hi, List,

2.88 ver. of Agora contains 4 modules.

List:
- Nice registry editor weakness.
  edbid46533
- Microsoft Windows 10 scrrun.dll file creation weakness
- Mongoose Web Server 6.9 Denial Of Service. [1day]
- KKMServer 2.1.26.16 XSS

Happy pentesting,
Gleg's Security team
Follow us on Twitter: GlegExploitPack

From audit at gleg.net Fri Apr 26 12:55:54 2019
From: audit at gleg.net (Yuriy Gurkin)
Date: Fri, 26 Apr 2019 12:55:54 -0000
Subject: [Canvas] DefPack pack 1.42 is out
Message-ID:

Hi, List,

1.42 ver. of DefPack contains 3 modules.

List:
- FLIR AX8 Thermal Camera 1.32.16 Directory Traversal Vulnerability. [public]
- Rubezh FireSec Socket Server Denial Of Service. [1Day]
- VelotiSmart WiFi B-380 Camera - Directory Traversal Vulnerability. [CVE-2018-14064]

Gleg's Security team
Follow us on Twitter: GlegExploitPack

From audit at gleg.net Fri Apr 26 12:57:10 2019
From: audit at gleg.net (Yuriy Gurkin)
Date: Fri, 26 Apr 2019 12:57:10 -0000
Subject: [Canvas] SCADA+ pack 1.89 is out
Message-ID:

Hi, List,

1.89 ver. of SCADA+ contains 4 modules.

List:
- WAGO PFC200 PLC series Denial Of Service. [CVE-2018-8836]
- file upload and exec for Advantech webaccess [1Day]
- attacker can retrieve and delete arbitrary files from target [1Day]
- ICPDAS eLogger Arbitrary File Upload [1Day]

Happy pentesting,
Gleg's Security team
Follow us on Twitter: GlegExploitPack

From audit at gleg.net Fri Apr 26 12:59:27 2019
From: audit at gleg.net (Yuriy Gurkin)
Date: Fri, 26 Apr 2019 12:59:27 -0000
Subject: [Canvas] MedPack 1.29 is out
Message-ID:

Hi, List,

1.29 ver. of MedPack contains 2 modules.

List:
- Horos 2.1.0 DICOM Medical Image Viewer Remote Denial Of Service. [public]
- PACSOne Server 6.6.2 DICOM Web Viewer Directory Traversal.
  [public]

Happy pentesting,
Gleg's Security team
Follow us on Twitter: GlegExploitPack