[Canvas] SCADA+ 1.24, Agora 2.24 are out!

Yuriy Gurkin audit at gleg.net
Tue May 14 15:31:16 EDT 2013

Hi list,
SCADA+ 1.24 pack version contains four new modules covering industrial
related software.
Among them 2 0days:  DoS for Moxa tool and buffer overflow exploit for
Schnider Electric Web Designer.
 - Clorius Controls ICS SCADA Information Disclosure
 - Mitsubishi MX ActiveX Component exploit
 - MOXA Mass Configuration Tool Denial of Service [0Day]
 - Schnider Electric Web Designer remote BOF bug [0Day]

Agora 2.24:
As always, pack containts fresh vulns in widely used web software
(huge number of installations in the Internet) and more...
 - McAfee Virtual Technician ActiveX exploit allowing Arbitrary File Replace
 - Sysax Multi Server SSH Denial of Service
 - WordPress Plugin Google Document Embedder Arbitrary File Disclosure
 - Joomla com_collector Component Arbitrary File Upload Vulnerability


More information about the Canvas mailing list