[Canvas] SCADA+, Agora, Def packs are out

Yuriy Gurkin audit at gleg.net
Fri Oct 28 05:01:02 EDT 2016

SCADA+ 1.59

- Yaskawa SigmaWinPlus Remote Arbitrary File Overwrite 0-Day
- GX IEC Developer 5.02 Remote Arbitrary File Overwrite 0-Day
- CodeMeter WIBU-SYSTEMS AG Denial Of Service Vulnerability 0-Day

Agora 2.58

- exploits XXE and SQL injection flaws in Symantec Endpoint Protection
- Apache Jetspeed v.2.3.0 Remote Code Execution Vulnerability
- Wordpress Ajax Load More PHP Upload Vulnerability
- Wordpress Plugin Reflex Gallery - Arbitrary File Upload
- CuteNews 2.0.3 File Upload Vulnerability
- BlackCat CMS v1.1.1 Arbitrary File Download

DefPack 1.12

- ManageEngine EventLog Analyzer =< v.10.6 Remote Code Execution
- This module exploits a default credential vulnerability in ManageEngine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/canvas/attachments/20161028/8d0cb228/attachment.html>

More information about the Canvas mailing list