[Canvas] SCADA+ 1.15, Agora 2.14 are out

Yuriy Gurkin audit at gleg.net
Tue Jul 17 14:53:03 EDT 2012


Hi list,
We continue to cover mobile apps, so New Agora 2.14 include a bunch of
mobile applications modules for iPhone and Android allowing
information steal and DoS;
plus defensive and web app modules... including DoS for PcAnywhere,
and funny RIPS (web app fuzzer) local file include.
The highlighted modules list:
[mobile]:
 - Android FTPServer 1.9.0 Remote DoS
 - iPhone iFile Directory Traversal
 - iPod Touch/iPhone iFileExplorer Free Directory Traversal
 - iPhone MyDocs Directory Traversal
 - iPhone Folders Directory Traversal
[defense]:
 - D-Link DCS-5605 Network Surveillance ActiveX
 - Symantec PcAnywhere login and password field buffer overflow
[web]:
 - static php source code analyser. RIPS <= 0.53 Local File Inclusion
 - TVersity home media server <= 1.9.7 Arbitrary File Download
 - web publishing engine - ArticleSetup Remote PHP shell uploader

****************
SCADA+ is out with new network devices covered and pretty nice ICS stuff:
  - PowerNet Twin Client <= 8.9 (RFSync 1.0.0.1) DoS
 - RuggedCom devices password generator
 - Sielco Sistemi Winlog Buffer Overflow
[Network devices]:
 - 3Com OfficeConnect ADSL Wireless 11g Firewall Router authentication
bypass 0day
 - Cisco SA500 series SQL Injection
 - Huawei HG866 GPON unauthenticated root pwd change


More information about the Canvas mailing list