[Canvas] Agora 2.17, SCADA+ 1.18 packs are out

Yuriy Gurkin audit at gleg.net
Wed Oct 10 06:45:34 EDT 2012

Hi list,
SCADA+ 1.18 is out with 3 new scada related 0days! and enhanced
network devices exploitation tool.
Network devices modules include those for AirOS and famous Qlogic.
Modules list
[Network devices]:
 - Ubiquiti Networks AirOS Directory Traversal Vulnerability for AirOS
5, 4.0, 3.6.1
 - Alpha Networks ADSL2/2+ Wireless Router ASL-26555 Password Disclosure
 - QLogic SANsurfer FC HBA Manager Directory Traversal vulnerability.
  - new version 1.1 of Automated network devices exploitation tool.
see changelog for details
 - [0day] Elipse E3 ActiveReports Remote Arbitrary File Replace
 - [0day] Carel Plantvisor v.2.4.4 (possibly others) directory
traversal vulnerability.
 - [0day] QNX FTPD DoS

Agora 2.17 is focused on pretty famous "Spying" software. Modules for
mobile devices are now easier to launch with the help of a new tool
(mobile scanner and autolaunch tool)
Modules list
 - Cyclope Employee Surveillance Solution v6.0 SQL Injection and
Remote PHP Code Injection
 - Quest InTrust 10.4.x Remote Code Execution
 - [0day] DoS Spytech NetVizor v6.1
- Automated tool for exploiting vulnerabilities of mobile devices and services


More information about the Canvas mailing list