[Canvas] Fwd: Agora 2.8, SCADA+ 1.9 are available for download
Yuriy Gurkin
audit at gleg.net
Fri Jan 6 11:01:34 EST 2012
another try to send to list.
---------- Forwarded message ----------
From: Yuriy Gurkin <audit at gleg.net>
Date: Fri, Dec 30, 2011 at 12:13 AM
Subject: Agora 2.8, SCADA+ 1.9 are available for download
To: canvas at lists.immunitysec.com, Admin <admin at immunityinc.com>
Hi list,
SCADA+ 1.9 news:
New modules for public vulns in CoDeSys, Siemens WINCC and Samsung air
conditioning Data manager server. Some allows full system compromise!
For step ahead SCADA+ (SCPSA) users there are Three additional 0days
for well known SCADAs ... all allowing full pwn!
Modules list:
- Samsung Data Manager server (air conditioning systems) == 1.4.1
hardcoded credentials. [0day]
- CoDeSys SCADA v2.3 Webserver Stack Buffer Overflow. exploit allows full pwn.
- Siemens WINCC flixible runtime 2008 SP2 + SP 1, hmiload.exe
directory traversal. exploit allows full pwn via troyan uploading.
- Siemens WINCC flixible runtime 2008 SP2 + SP 1, miniweb.exe
Directory traversal. exploit allows arbitrary files downloading.
- Siemens WINCC flixible runtime 2008 SP2 + SP 1, miniweb.exe Denial
of Service.
- LabStoRe <= 1.5.4 SQL Injection allowing admin + pwdhash retreiving.
- Samsung Data Manager server <= 1.4.2 multiple vulnerabilities.
- SCPSA Carel Plantvisor [0day]. full pwn!
- SCPSA KASKAD scada v.5.00 Remote Heap Overflow. [0day]. full pwn!
- SCPSA Ge Fanuc Proficy HMI/SCADA CIMPLICITY. [0day]. full pwn!
AGORA 2.8 news:
Well known web software covered this time, including PmWiki, TYP03,
Zabbix and extremely frequent Wordpress plugin - UPM-POLLS.
full list:
- PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit
- TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability
- Zabbix <= 1.8.4 (popup.php) SQL Injection
- Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution
- Wordpress UPM-POLLS Plugin 1.0.4 Remote PHP shell uploader
- SourceBans 1.4.8 SQL/LFI Injection
- ITHorizon (lang) SQL Injection Vulnerability
- DotA OpenStats <= 1.3.9 SQL Injection
Happy New Year to everyone! Best wishes for new upcoming year.
More information about the Canvas
mailing list