[Canvas] Gleg Agora, SCADA, Def, ZDA updates
YG
audit at gleg.net
Sat Sep 11 18:15:45 UTC 2021
Dear colleagues, new modules available for download.
SCADA 2.17:
- WebHMI Privilege Escalation AFU and RCE. [1Day]
- MELSOFT Mediative Server Denial Of Service [1Day]
- Reliance4 SCADA Web Server Denial of Service [1Day]
- Schneider Electric Concept 2.6XL Remote Arbitrary File Overwrite [1Day]
- Citect SCADA (Facilities) ciTextBox.ocx Remote File Create weakness. pub
Agora 3.16:
- AGG Private Business Exchange Data Logger Directory Traversal. [1day]
- ActiveBarcode Generator file overwrite vulnerability [1day]
- Codejock Xtreme Suite Pro ActiveX 15.3.1 Retail Remote File Create Vulnerability [1day]
- GLPI 9.5 Authenticated Stored CSS Injection [1day]
- LibreNMS 21.3.0 Persistent Cross-Site Scripting [1day]
- Node-RED-Dashboard before 2.26.2 Directory Traversal Vulnerability. CVE-2021-3223
DefPack 1.70:
- COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write DoS. CVE-2021-08-16
- Foscam Cameras Denial of service of the RTSP video feed. pub
- Genie Access WIP3BVAF IP Camera Directory Traversal Vulnerability. pub
- Karel IP Phone IP1211 Web Management Panel Directory Traversal Vulnerability. pub
- Netgear DGN2200v1 and other Bezeq based devices Remote Command Execution Unauthenticated. pub
- RConfig 3.9.6 Arbitrary File Upload to RCE. pub
ZDA 1.36 extra exploits:
- ARSoft Visual IO SCADA DDE Server Denial of Service [0Day]
- Pult Online v270 Information leak [0Day]
- Unitronics VisiLogic_C File Create Vulnerability [0Day]
- WiSCADA TsDatabase 0-Day Denial of Service [0Day]
- IPS Community Suite <= 4.5.4.2 PHP Code Injection Vulnerability. CVE-2021-32924
- osCommerce 2.3.4.1 Remote Code Execution. pub
- Webmin 1.973 Cross-Site Request Forgery to RCE. CVE-2021-31761
Happy pentesting,
Gleg Security team
Follow us on https://twitter.com/GlegExploitPack