[Canvas] SCADA+, Agora, Med, Def packs are out

Yuriy Gurkin audit at gleg.net
Mon Sep 26 07:23:59 EDT 2016

Hi, list,

SCADA+ 1.58

- MH-SCADA Command Execution 0-Day
- Kinco HMIware_CZ KHComserver Denial Of Service Vulnerability 0-Day
- AutoBase Network Server Denial Of Service 0-Day
- Proxmox VE < 3.4-10 Configuration file overwriting

Agora 2.57

- SolarWinds Orion Service - SQL Injection CVE-2014-9566
- Sysax Multi Server 6.50 - HTTP File Share SEH Overflow Denial Of Service
- Visual Mining NetCharts Server 7.0 - Remote Code Execution Vulnerability
- Blind SQL injection Vulnerability
- WeBid 1.1.1 Unrestricted File Upload Exploit

MedPack 1.13

- Chikitsa Patient Management System Removing Files 0-Day
- MedWebTux SQL Injection and Auth Bypass 0-Day

DefPack 1.11

- Symantec Workspace Streaming v.6.1 Remote Code Execution Vulnerability
- Freeproxy Internet Suite 4.10 Remote DoS

Happy pentesting,
Gleg`s Security team.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/canvas/attachments/20160926/72b57733/attachment.html>

More information about the Canvas mailing list