[Canvas] SCADA 1.19, Agora 2.18 are out

Yuriy Gurkin audit at gleg.net
Wed Nov 7 02:06:49 EST 2012

Hi list,
SCADA+ 1.19 is out with two [0days] for SCADA!
We also continue to add info to network devices section... 3 modules
this time along with 1 [0day].
Listing: [Network Devices]:
 - [0day] AirTies rt104 router unauthorized download config
 - Directory Traversal Vulnerability in Sitecom Home Storage Center
 - Thomson twg850-4 Unauthenticated Backup File Access
 - [0day] WINCC v7.0 SP2 CCEServer.exe denial of service
 - [0day] Ge Fanuc Proficy HMI/SCADA CIMPLICITY WebView/ThinView
server 8.10.0000.18236 info disclosure

Agora 2.18 contains several web modules and a client side:
ag_AB_Banner_Exchange_lfi - AB Banner Exchange Local File Inclusion"
ag_wordpress_cloudsafe365 - WordPress Cloudsafe365 Local File Inclusion
ag_webERP_DoS - webERP <=4.08.4 MySQL DoS
ag_Clipbucket - Clipbucket v2.x Arbitrary Delete Vulnerability
ag_EMC_ApplicationXtender - [0day] (diffferent method than in CVE) EMC
ApplicationXtender Web Access Remote Arbitrary File Replace
Minor bug fixes in mobile apps scan&sploit tool.

More information about the Canvas mailing list