[Canvas] Fwd: Agora 2.8, SCADA+ 1.9 are available for download

Yuriy Gurkin audit at gleg.net
Fri Jan 6 11:01:34 EST 2012


Another try to send to list.


---------- Forwarded message ----------
From: Yuriy Gurkin <audit at gleg.net>
Date: Fri, Dec 30, 2011 at 12:13 AM
Subject: Agora 2.8, SCADA+ 1.9 are available for download
To: canvas at lists.immunitysec.com, Admin <admin at immunityinc.com>


Hi list,
SCADA+ 1.9 news:
New modules for public vulns in CoDeSys, Siemens WINCC and Samsung air
conditioning Data manager server. Some allow full system compromise!
For step ahead SCADA+ (SCPSA) users there are three additional 0days
for well known SCADAs ... all allowing full pwn!
Modules list:
 - Samsung Data Manager server (air conditioning systems) == 1.4.1
hardcoded credentials. [0day]
 - CoDeSys SCADA v2.3 Webserver Stack Buffer Overflow. exploit allows full pwn.
 - Siemens WINCC flexible runtime 2008 SP2 + SP 1, hmiload.exe
directory traversal. exploit allows full pwn via trojan uploading.
 - Siemens WINCC flexible runtime 2008 SP2 + SP 1, miniweb.exe
Directory traversal. exploit allows arbitrary file downloading.
 - Siemens WINCC flexible runtime 2008 SP2 + SP 1, miniweb.exe Denial
of Service.
 - LabStoRe <= 1.5.4 SQL Injection allowing admin + pwdhash retrieving.
 - Samsung Data Manager server <= 1.4.2 multiple vulnerabilities.
 - SCPSA Carel Plantvisor [0day]. full pwn!
 - SCPSA KASKAD scada v.5.00 Remote Heap Overflow. [0day]. full pwn!
 - SCPSA GE Fanuc Proficy HMI/SCADA CIMPLICITY. [0day]. full pwn!

AGORA 2.8 news:
Well known web software covered this time, including PmWiki, TYPO3,
Zabbix and the extremely frequent Wordpress plugin - UPM-POLLS.
Full list:
 - PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit
 - TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability
 - Zabbix <= 1.8.4 (popup.php) SQL Injection
 - Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution
 - Wordpress UPM-POLLS Plugin 1.0.4 Remote PHP shell uploader
 - SourceBans 1.4.8 SQL/LFI Injection
 - ITHorizon (lang) SQL Injection Vulnerability
 - DotA OpenStats <= 1.3.9 SQL Injection

Happy New Year to everyone! Best wishes for the new upcoming year.

