[Canvas] Gleg updates - recovering from crisis release

audit at gleg.net
Tue Jun 30 15:43:17 UTC 2020


Hello dear colleagues, new updates are available for download:
Please NOTE: we are moving to a new main distribution server, so you
will soon receive new credentials for that. Also, helpful news for
those clients who had an end-of-support period during the COVID hit
(March-May): your subscription will be extended till the end of July to
help all of us fight the crisis.

1.56 DefPack:
  - WatchGuard Fireware AD Helper Component Credential Disclosure. pub
  - TP-LINK router TL-WR940N - Buffer Overflow. CVE-2019-6989
  - Master IP CAM 01 3.3.4.2103 Remote Command Execution. CVE-2019-8387

ZDA 1.24 0Days+:
  - CharruaPACS CS011 PACS Server DirTrav [0day]
  - Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection
  - Rukovoditel Project Management CRM 2.6 infoleak. [0day]
  - Conquest DICOM Server software 1.5.0 Denial of Service. [0day]

SCADA 2.03:
  - OpenScada Password Hash Login. [1Day]
  - OpenScada Command Execution. [1Day]

Agora 3.02:
  - Zen Load Balancer 3.10.1 - Directory Traversal. pub
  - LimeSurvey 4.1.11 - Path Traversal CVE-2020-11455
  - Gila CMS 1.11.8 - 'query' SQL Injection CVE-2020-5515
  - CuteNews 2.1.2 - Remote Code Execution CVE-2019-11447
  - Centreon 19.10.8 Command injection. pub


Stay healthy and happy pentesting,
-Gleg's research team



