[Canvas] Gleg exploit packs updates

Yuriy Gurkin audit at gleg.net
Wed Oct 30 18:47:44 UTC 2019

Hi List. New modules available for download.
2.94 Agora:
 - Restaurant Management System 1.0 - Remote Code Execution. public
 - NetHome 3.0-6ae52 Command Injection. [1Day]
 - FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection. public
 - Axis SSI Remote Read Files. public

1.58 Defpack:
 - Jovision IP camera Credential Disclosure vulnerability. public
 - Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure. public
 - Fibrehome HG110 Compromise of all configuration details Vulnerability.
 - Belkin Router N150 Path Traversal Vulnerability. public

1.95 SCADA pack:
 - RapidSCADA 5.7.0 ScadaServer - Directory Traversal. [1Day]
 - VxWorks TCP Urgent pointer = 0 integer underflow vulnerability.
 - BACnet Stack 0.8.6 Denial of Service vulnerability. CVE-2019-12480

1.32 Medpack:
 - DICOM3 Medical Imaging Solution ActiveX Remote Code Execution Vulnerability. [1Day]

Happy pentesting,
Gleg's Security team <http://gleg.net/>
Follow us on Twitter: GlegExploitPack <https://twitter.com/GlegExploitPack>