[Canvas] Gleg Agora, SCADA, Def, ZDA updates
YG
audit at gleg.net
Wed Jun 9 18:20:11 UTC 2021
Dear colleagues, new modules are available for download.
SCADA 2.14:
- WebHMI 4.0.7348 DoS [1Day]
- Mitsubishi MC Works64 SCADA Remote Arbitrary empty File Create, unsafe ActiveX [1Day]
- ICONICS AlarmWorX32 Report ActiveX Remote Arbitrary empty File Create unsafe ActiveX [1Day]
- FATEK Automation FvDownload DoS [1Day]
Agora 3.13:
- MyBB 1.8.25 Poll Vote Count SQLi CVE-2021-27946
- Mantis Bug Tracker 2.24.3 'access' SQLi CVE-2020-28413
- vBulletin 5.0.0 to 5.5.4 RCE CVE-2019-16759
- TestLink 1.9.20 RCE CVE-2020-8639
- VisualWare MyConnection Server 11.x Remote Code Execution CVE-2021-27198
DefPack 1.67:
- Kamailio SIP Denial Of Service. pub
- QNAP Pre-Auth Root RCE. nice bundle exploit. pub
- VoIPmonitor 27.6 Denial Of Service. pub
- NuCom 11N Wireless Router 5.07.90 Remote Credentials Disclosure. pub
1.41 MedPack:
- MedDream PACS Server 7.1.1 - Multiple SQL Injection [1day]
1.33 ZDA pack:
- WiSCADA 2.0 0-Day Remote Arbitrary File Overwrite [0Day]
- Schneider Electric Concept 2.6XL Remote Arbitrary File Overwrite [0Day]
- Samkoon HMI Manager DoS [0Day]
- GLPI 9.5 Unauth User Enum + SQLi [0Day]
- Chamilo LMS RCE pub
- Windows IIS dos. pub
Happy pentesting,
Gleg's Security team
Follow us on https://twitter.com/GlegExploitPack