[Canvas] Gleg ltd's updates - New Year release

audit at gleg.net audit at gleg.net
Tue Dec 31 14:02:25 UTC 2019

Hi list,
SCADA 1.97 updates:
  - Omron PLC 1.0.0 - Denial of Service. public
  - MajorDoMo 1.2.0b - three nice exploits including RCE. [1Day]s

DefPack 1.50  network devices vulns:
  - Moxa EDR-810 Information Disclosure. CVE-2019-10963
  - Yealink VoIP Phone SIP-T38G Local File Inclusion. public
  - V-SOL GPON/EPON OLT Platform 2.03 Configuration Download. public

Agora 2.96  :
  - Freefloat FTP Server Denial of Service. public
  - Image Viewer CP Gold SDK ActiveX Remote File Create Vulnerability. 1Day
  - Jobberbase 2.0 CMS SQL injections. public
  - MOVISTAR BHS_RTA ADSL Router Remote File Disclosure. public

MedPack 1.33:
- ezDICOM ActiveX viewer ActiveX Control Remote File Overwrite  
Vulnerability. 1Day

ZDA pack:
Cogent_DataHub_9x, InTouch_Edge_HMI_MobileAccessTask and more

Happy New Year and happy pentesting in the upcoming year,
-Gleg's research team

More information about the Canvas mailing list