[Canvas] Agora 2.26, SCADA 1.26 are available.

Yuriy Gurkin audit at gleg.net
Wed Aug 14 16:10:14 EDT 2013

Hi list,
SCADA 1.26 is out with two 0day DoSes for Siemens and Honeywell pieces
of industrial software. plus two ActiveX exploits (one of them is also
0day). Listing:
- SIEMENS Solid Edge ST4/ST5 WebPartHelper ActiveX Control Remote
Command Execution [0Day].
- Siemens ProTool Pro CS [0Day] DoS.
- Honeywell UniSim ShadowPlant Bridge DoS. [0Day]
- Honeywell ActiveX control code execution. CVE-2013-0108

Agora 2.26 contains a bunch of ftp exploits and nice web app sploits
as usual. Listing:
- phpVMS Virtual Airline Administration. SQL Injection Vulnerability
- Kohana CMS Framework v2.3.3 Directory Traversal Vulnerability
- php-Charts 1.0  Code Execution Vulnerability
- Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of service
- Serva 32 HTTP 2.1.0 Directory Traversal [0Day]
- PCMan's FTP Server 2.0.7 - Buffer Overflow Exploit.
- Baby FTP Server 1.24 - DoS PoC.
Also take a look at our video for previous release's Sophos Web
Protection Appliance exploit. located:

Happy hunting.

More information about the Canvas mailing list