[Canvas] Gleg Agora, SCADA, Def, ZDA updates
YG
audit at gleg.net
Thu May 19 16:05:48 UTC 2022
Dear colleagues, new modules available for download.
Agora 3.23
- CouchDB 3.2.1 CVE-2022-24706 Remote Code Execution
- Freqtrade crypto-currency trading software Directory Traversal Vulnerability. public
- OpenHAB 3.2.0 Authenticated Remote Code Execution. public
- PHPFusion 9.10.11 User Enumeration [1day]
- startserver package Directory Traversal Vulnerability CVE-2021-23430
- XenMobile leaks device information including personal data Vulnerability CVE-2018-10652
DefPack 1.77:
- D-LINK Routers Command Injection. public
- DblTek devices allow remote attackers to discover credentials CVE-2017-16934
- FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure [1day]
- Netgear RAX35, RAX38, RAX40 routers path traversal CVE-2021-41449
- TPLink AX10 V1 Remote Denial of Service CVE-2021-41450
SCADA 2.24:
- Yokogawa Centum CS3000 R3.08.50 Denial of Service. public
- Franklin Fueling LFI vuln CVE-2021-46417
ZDA 1.43:
- XISOM X-Scada Viewer Directory Traversal 0day
- Spring4Shell CVE-2022-22965
- ScriptCase 9.7.016 - Arbitrary File Deletion
- POWERCOM UPSMON PRO for Windows V2.57 Directory Traversal 0day
MedPack 1.44
- IMT Analytics AG FlowAnalyser FlowLab Remote Code Execution Vulnerability. [0day]
Happy pentesting, and peace to all.
Gleg Security team
Follow us on https://twitter.com/GlegExploitPack