[Canvas] Agora 2.27, SCADA+ 1.27 are out

Yuriy Gurkin audit at gleg.net
Fri Sep 6 14:11:19 EDT 2013

Agora 2.27:
contains 3 new defense modules for HP and Novell Zenworks software
along with 3 httpd server side exploits!
 - HP Data Protector 6.1 Command Execution
 - HP Intelligent Management Center v. <= 5.1:e0202 Remote File Upload
 - Novell ZENworks Configuration Management Remote Code Execution
 - DeWeS web server Directory Traversal Vulnerability
 - onehttpd 0.7 Denial of Service
 - Ultra Mini HTTPD stack buffer overflow

SCADA+ 1.27:
contains 4 modules for 3S, pwStore, National Instruments industrial software.
This time all CVE listed.
 - pwStore Denial of Service
 - 3S CODESYS Gateway-Server <= Directory traversal vulnerability.
 - two modules for different National Instruments LabWindows/CVI,
LabVIEW, and other products ActiveXes.

Happy pentesting.

More information about the Canvas mailing list