[Canvas] SCADA+ 1.16, Agora pack 2.15 are out.

Yuriy Gurkin audit at gleg.net
Mon Aug 6 04:24:35 EDT 2012


Hi list,
Agora pack 2.15 is focused on server related software.
Highlighted modules are for XAMPP and WAMP apache+mysql server bundles,
along with famous Joomla! 'com_hello' Component Local File Include.

details:
- [0day] http+mysql XAMPP bundle. mysql DoS
- famous web profiling soft - webgrind. (installed by def in WAMP).  LFI
- FileZilla Server DoS
- Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure
- Joomla Hello component local file inclusion vulnerability

hint: use google's search  inurl:"com_hello"  to find vuln joomla installs.
***************

SCADA+ 1.16:
This release is completely focused on network devices... Latest vulns
for famous routers, including one 0day:
 - Siemens Gigaset se551 authorization bypass [0day].
 - Enigma2 Webinterface remote root file disclosure exploit
 - Comtrend Router CT-5624 remote password disclosure vulnerability
 - ASUS RT-N56U fw <= 1.0.1.4 remote password disclosure vulnerability
 - ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution
 - ZyXEL ZyWALL USG Appliance authentication bypass
 - SAGEM ROUTER FAST 3304/3464/3504 - Telnet Authentication bypass
 - Livebox TP Router Denial Of Service
 - Linksys WAP610N fw.<=1.0.01 Unauthenticated Root Access Security Vulnerability

Regards.

