[Canvas] Agora, DefPack and MedPack updates available

Yuriy Gurkin audit at gleg.net
Sat Apr 30 19:16:24 EDT 2016

Agora 2.52 version has the following fresh modules. All for web soft this
 - DedeCMS < 5.7-sp1 - Shell Upload Vulnerability
 - Joomla J2Store 3.1.6 - Blind SQL Injection
 - Joomla HTTP Header Unauthenticated Remote Code Execution
 - Wordpress N-Media Website Contact Form 1.3.4 File Upload Vulnerability
 - Wordpress WP Mobile Edition Version 2.2.7 Arbitrary File Download
 - WordPress WP Symposium Plugin 15.1 - Blind SQL Injection

DefPack 1.6 has following new modules for public vulns:
 - Panda Security for Business Remote Code Execution Exploit
 - Solarwinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command
 - This module exploits multiple vulnerabilities found in Solarwinds
Firewall Security Manager. based on CVE-2015-2284 and leveraged to RCE
 - Network Performance Monitor < 11.5 and 5! other popular software pieces.
 - Symantec pcAnywhere 12.5.0 - Remote Command Execution.

MedPack 1.9 list:
 - Medtronic Valleylab Software DoS 0-Day.
 - Simacle hospital Blind SQL injection Vulnerability

Best Regards and Happy Pentesting!
Gleg ltd's team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/canvas/attachments/20160501/cbfdccc3/attachment.html>

More information about the Canvas mailing list