[Canvas] Agora 2.42, SCADA+ 1.42, MedPack 1.3 are out!

Yuriy Gurkin audit at gleg.net
Fri Mar 13 10:28:52 EDT 2015

Hi list,
Our new Medical exploits package - MedPack is updated with two 0days:
 - Fluke Biomedical Ansur ActiveX allowing Remote Code Execution [0-day]
 - MaxSystems Inc ActiveX Remote Arbitrary File Deletion Vulnerability
SCADA+ is updated with four 0days, including an excellent Mango Automation
exploit allowing retrieval of administrative credentials.
Video available here: https://vimeo.com/user7532837/videos
 - B&B Electronics Vlinx ConnectPro Manager DoS [0-Day]
 - Events SCADA HMI <= v.8.58 - reveals sensitive info [0-Day]
 - Mango Automation get login and password list [0-Day]
 - Panasonic Configurator DL DoS PoC [0-Day]

Agora contains fresh new modules for web software and one 0day:
 - MantisBT <= v1.2.17 - SQL Injection
 - SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
 - WordPress Revolution Slider Local File Disclosure Vulnerability
 - WordPress Theme Divi Arbitrary File Download Vulnerability

Happy Hunting!