[Canvas] Gleg Agora, SCADA, Def, ZDA updates
YG
audit at gleg.net
Thu Mar 11 17:45:36 UTC 2021
Dear colleagues, new modules available for download.
ZDA 1.31: pretty interesting QNAP NAS devices chained exploit + 0days as always
- Apache Druid <0.20.1 Remote Code Execution. CVE-2021-25646
- QNAP Pre-Auth Root RCE. Several vulns chained into a pre-auth root RCE! Unpatched firmware QNAP NAS models vulnerable, CVE-2019-7192, CVE-2019-7193, CVE-2019-7194, CVE-2019-7195 covered
- Beward B4230 IP Camera Info Disclosure [0Day]
- Beward B4230 IP Camera Privilege Escalation [0Day]
- vBulletin 5.0.0 - 5.5.4 RCE. CVE-2019-16759
- WebHMI Privilege Escalation AFU RCE [0Day]
- Beckhoff CP-Link 3 1.7.31.0 CplGfxClient Denial of Service [0Day]
- Mitsubishi MC Works64 SCADA Remote Arbitrary empty File Create unsafe ActiveX method [0Day]
2.11 SCADA+:
- ICPDAS eLogger software 2.0.0.0 Denial of Service [1Day]
- Point of View SCADA/HMI software Remote Code Execution Vulnerability [1Day]
- Yaskawa SigmaWinPlus 7 Remote Arbitrary File Overwrite [1Day]
1.64 DefPAck:
- IDAutomation unsafe ActiveX file overwrite vulnerability. pub
- Huawei HedEx Lite directory traversal. pub
- Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal. pub
- Geutebruck IP Camera remote_reboot - pub
Agora 3.10:
- WordPress W3 Total Cache 0.9.3 Directory Traversal. pub
- WordPress Duplicator 1.3.26 Directory Traversal. pub
- Sentrifugo 3.2 - File Upload Restriction Bypass. pub
- Jenkins 2.235.3 - Stored XSS. CVE-2020-2230
- Apache Tomcat - CVE-2020-1938 (Ghostcat)
Happy pentesting,
Gleg's Security team
Follow us on https://twitter.com/GlegExploitPack