[Canvas] Agora pack 2.56 is out

Yuriy Gurkin audit at gleg.net
Fri Aug 26 06:54:51 EDT 2016

Hi, list,
2.56 version contains 6 modules. List:

- ProjectSend Arbitrary File Upload Exploit Exploit
- ATutor 2.2.1 SQL Injection and Remote Code CVE-2016-2555
- Bonita BPM 6.5.1 Arbitrary File Download CVE-2015-3897
- Wordpress Mailchimp plugin Remote Code Execution via email field.
- The World Browser 3.0 Final - OLE Automation Array Remote Code Execution
- WordPress Booking Calendar Contact Form 1.0.2 - Blind SQL injection

Happy pentesting,
Gleg`s Security team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/canvas/attachments/20160826/add77502/attachment.html>

More information about the Canvas mailing list