[Canvas] Gleg updates for ZDA, Agora, SCADA, Def, Med

audit at gleg.net
Fri Feb 28 17:50:41 UTC 2020

New package versions released with new modules.

ZDA new 0days:
  - Shopping Website 1.11.1  'bilingstate' - SQL Injection [0Day]
  - School ERP System 1.0 Arbitrary File Upload [0Day]
  - CHMBAC Student Management System Arbitrary File Upload [0Day]
  - Zurich Instruments LabOne Denial of Service [0day]

  Agora 2.98:
  - Voyager 1.3.0 - Directory Traversal. public
  - Online Book Store 1.0 - SQL Injection. public
  - Online Book Store 1.0 - Unauthenticated Remote Code Execution. public
  - Crystal Live HTTP Server 6.01 Directory Traversal. public

  Def 1.52:
  - TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot. public
  - Huawei HG255 Directory Traversal. public
  - Citrix Gateway Directory Traversal Vulnerability. public
  - Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure.  

  MedPack 1.34:
  - ezDICOM ActiveX Control Remote File Overwrite Vulnerability 2. 1Day

  Scada 1.99:
  - ThingsBoard 2.4.1 Remote Code Execution. [1Day]
  - Mitsubishi Electric smartRTU INEA ME-RTU Unauthenticated Configuration Download. CVE-2019-14927
  - InTouch Edge HMI v8.1 MobileAccessTask DoS. [1Day]

Happy pentesting,
Gleg's Security team
Follow us on https://twitter.com/GlegExploitPack
