[Canvas] Agora pack 2.32 ; SCADA pack 1.32 are out !

Yuriy Gurkin audit at gleg.net
Fri Mar 7 11:09:11 EST 2014

Hi list,
The Agora 2.32 version contains the following new modules for iOS and Windows:
 - FileMaster SY-IT v3.1 iOS Local File Inclusion. [0-Day].
 - PHP-Nuke 8.2.4 File Inclusion. SOJOBO-ADV-13-04
 - MyBB <= 1.6.11 - Remote Code Execution Using Admin Privileges.
 - Chamilo LMS 1.9.6 SQL Injection. CVE-2013-6787
 - AjaXplorer Directory traversal vulnerability. CVE-2013-5688
 - MediaWiki <= 1.22.1 PdfHandler Remote Code Execution. CVE-2014-1610

The SCADA 1.32 update contains pretty interesting 0days, including one for an iOS
SCADA system! List:
 - ScadaMobile ONE v2.5.2 Directory Traversal Vulnerability [0Day]
 - Ecava IntegraXor <= 4.1.4380 - Denial of Service. ICSA-14-016-01
 - Delta Electronics Buffer Overflow Exploit [0Day]
 - Advantech WebAccess ActiveX ProjectName() exploit [0Day]
 - Ecava IntegraXor SCADA <= 4.1.4380 Information leak. [0Day]

Two new videos are also available on https://vimeo.com/user7532837

Happy hunting!