[Canvas] SCADA+ 1.15, Agora 2.14 are out
Yuriy Gurkin
audit at gleg.net
Tue Jul 17 14:53:03 EDT 2012
Hi list,
We continue to cover mobile apps, so New Agora 2.14 include a bunch of
mobile applications modules for iPhone and Android allowing
information steal and DoS;
plus defensive and web app modules... including DoS for PcAnywhere,
and funny RIPS (web app fuzzer) local file include.
The highlighted modules list:
[mobile]:
- Android FTPServer 1.9.0 Remote DoS
- iPhone iFile Directory Traversal
- iPod Touch/iPhone iFileExplorer Free Directory Traversal
- iPhone MyDocs Directory Traversal
- iPhone Folders Directory Traversal
[defense]:
- D-Link DCS-5605 Network Surveillance ActiveX
- Symantec PcAnywhere login and password field buffer overflow
[web]:
- static php source code analyser. RIPS <= 0.53 Local File Inclusion
- TVersity home media server <= 1.9.7 Arbitrary File Download
- web publishing engine - ArticleSetup Remote PHP shell uploader
****************
SCADA+ is out with new network devices covered and pretty nice ICS stuff:
- PowerNet Twin Client <= 8.9 (RFSync 1.0.0.1) DoS
- RuggedCom devices password generator
- Sielco Sistemi Winlog Buffer Overflow
[Network devices]:
- 3Com OfficeConnect ADSL Wireless 11g Firewall Router authentication
bypass 0day
- Cisco SA500 series SQL Injection
- Huawei HG866 GPON unauthenticated root pwd change
More information about the Canvas
mailing list