[Canvas] Gleg updates for ZDA, Agora, SCADA, Def, Med
audit at gleg.net
Fri Feb 28 17:50:41 UTC 2020
New package versions released with new modules.
ZDA new 0days:
- Shopping Website 1.11.1 'bilingstate' - SQL Injection [0Day]
- School ERP System 1.0 Arbitrary File Upload [0Day]
- CHMBAC Student Management System Arbitrary File Upload [0Day]
- Zurich Instruments LabOne Denial of Service [0day]
Agora 2.98:
- Voyager 1.3.0 - Directory Traversal. public
- Online Book Store 1.0 - SQL Injection. public
- Online Book Store 1.0 - Unauthenticated Remote Code Execution. public
- Crystal Live HTTP Server 6.01 Directory Traversal. public
Def 1.52:
- TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot. public
- Huawei HG255 Directory Traversal. public
- Citrix Gateway Directory Traversal Vulnerability. public
- Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure. CVE-2019-20213
MedPack 1.34:
- ezDICOM ActiveX Control Remote File Overwrite Vulnerability 2. 1Day
Scada 1.99:
- ThingsBoard 2.4.1 Remote Code Execution. [1Day]
- Mitsubishi Electric smartRTU INEA ME-RTU Unauthenticated Configuration Download. CVE-2019-14927
- InTouch Edge HMI v8.1 MobileAccessTask DoS. [1Day]
Happy pentesting,
Gleg's Security team
Follow us on https://twitter.com/GlegExploitPack