From audit at gleg.net  Fri Sep 23 18:41:56 2022
From: audit at gleg.net (YG)
Date: Fri, 23 Sep 2022 18:41:56 -0000
Subject: [Canvas] Gleg Agora, SCADA, Def, ZDA updates
Message-ID: <20220923204146.Horde.DVjO0Ccupy37p7wugdUKCz_@gleg.net>

Dear colleagues, new modules available for download.

Agora 3.26:
  - FreeSWITCH <= v1.10.6 Denial of Service CVE-2021-41145
  - LogicalDOC Enterprise 7.7.4 Directory Traversal Vulnerabilitiy. public
  - phpIPAM <1.4.5 Authenticated SQL Injection CVE-2022-23046
  - SolarView Compact 6.0 OS Command Injection CVE-2022-29303
  - CVE-2022-23642 Sourcegraph Remote Code Execution CVE-2022-23642

DefPack 1.80:
  - Korenix Technology JetNet Devices Denial of Service CVE-2020-12500
  - Telesquare TLR-2855KS6 Arbitrary File Deletion CVE-2021-46419
  - Westermo PoE Gigabit Switch PMI-110-F2G Directory Traversal CVE-2020-12504

SCADA 2.27:
  - Comtrol RocketLinx ICRL-M Directory Traversal CVE-2020-12504
  - CVE-2022-25359
  - Sealevel Systems Inc. SeaConnect 370W Remote Denial of Service  
CVE-2021-21964

ZDA 1.46:
  - SIMPLE SCADA 2 infoleak Vulnerability [0Day]
  - Ipswitch WhatsUp Gold TFTP Server Infoleak [0Day]
- CoolMayHMI DCS for NET v.6.00 Remote Denial of Service [0Day]
  - Bruel and Kjaer Vibro Compact Setup Remote Denial of Service [0Day]

Happy pentesting!

Gleg Security team
Follow us on https://twitter.com/GlegExploitPack