[Canvas] SCADA+ 1.20, Agora 2.19

Yuriy Gurkin audit at gleg.net
Fri Dec 21 14:41:18 EST 2012


Hi list,
SCADA+ Pack:
New 0day in ANT Studio and CVE-listed Netbiter WebSCADA in scada
section and 0day for Korean router for your fun... along with old but
still useful in some SCADA installations QNX modules. List:
 - iptime Korean router DoS [0day].
[scada]:
 - QNX QCONN Remote Shutdown
 - QNX phrelay DoS
 - Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA
WS100 and WS200. CVE-2010-4730
 - ANT Studio denial of service [0day]

Agora Pack:
It includes a simple tool aimed to help in exploiting WordPress sites
(with the help of 11 modules of ours)
and two modules for defensive software along with modules for
well-known web apps.
List:
[def]
 - ManageEngine Security Manager Plus <= 5.5 build 5505 Path Traversal
 - Symantec Messaging Gateway 9.5.3-3 Arbitrary File Download
[web]
 - Free Hosting Manager 2.0 SQL Injection Vulnerability
 - Invision Power Board <= 3.3.4 unserialize Regex Bypass
 - Automated tool for launching WordPress exploits ver 0.1 +
additional BuddyPress plugin WordPress remote SQL Injection

