[Canvas] SCADA+, Agora, Def and Med packs are out

Yuriy Gurkin audit at gleg.net
Mon Nov 28 06:02:28 EST 2016


SCADA+ 1.60

- SCADA ViSA 7.6.132 Code Execution Vulnerability 0-Day
- ICONICS Genesis32 SCADA WebHMI Remote Arbitrary empty File Create 0-Day
- Century Star NetComm.exe DoS Vulnerability 0-Day


Agora 2.59

- Novell ServiceDesk 7.1 Authenticated File Upload
- Phpbugtracker - Blind SQL injection Vulnerability
- ZCMS 1.1 JavaServer Pages Content Management System - Blind SQL injection Vulnerability
- WordPress SP Projects And Document Manager 2.5.9.6 SQL Injection Vulnerability
- Serego CMS <= v.1.6.1 - main.php Blind Time-based SQL Injection

DefPack 1.13

- Juniper ScreenOS - Hardcoded Password
- Grandstream GXV3611_HD camera SQL injection


MedPack 1.14

- Axilog Buffer Overflow Remote Code Execution 0-Day
- Duerr Dental DBSWIN Buffer Overflow Remote Code Execution 0-Day