[Canvas] SCADA+ 1.16, Agora pack 2.15 are out.
audit at gleg.net
Mon Aug 6 04:24:35 EDT 2012
Agora pack 2.15 is focused on server related software.
Highlighted modules are for XAMPP and WAMP apache+mysql server
bundles, along with
famous Joomla! 'com_hello' Component Local File Include.
- [0day] http+mysql XAMPP budle. mysql DoS
- famous web profiling soft - webgrind. (installed by def in WAMP). LFI
- FileZilla Server DoS
- Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure
- Joomla Hello component local file inclusion vulnerability
hint: use google's search inurl:"com_hello" to find vuln joomla installs.
This release is completely focused on network devices... Latest vulns
for famous routers, including one 0day:
- Siemens Gigaset se551 authorization bypass [0day].
- Enigma2 Webinterface remote root file disclosure exploit
- Comtrend Router CT-5624 remote password disclosure vulnerability
- ASUS RT-N56U fw <= 184.108.40.206 remote password disclosure vulnerability
- ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution
- ZyXEL ZyWALL USG Appliance authentication bypass
- SAGEM ROUTER FAST 3304/3464/3504 - Telnet Authentication bypass
- Livebox TP Router Denial Of Service
- Linksys WAP610N fw.<=1.0.01 Unauthenticated Root Access Security
More information about the Canvas