[Canvas] Gleg Agora, SCADA, Def, Med, ZDA updates

audit at gleg.net
Wed Jul 29 17:06:45 UTC 2020

Hello dear colleagues, new updates are available for download from our
new server (have resent keys to all clients):

1.57 DefPack :
  - CVE-2020-3161 Cisco IP Phones remote DoS, possible exec PoC. pub
  - Netgear DGN2000v1 Setup.cgi Unauthenticated Remote Code Execution. pub
  - Netgear DGN2200 DGND3700 Admin Password Disclosure. pub

SCADA 2.04:
  - Honeywell XL1000C50 Information Disclosure. public
  - Pro-face GP-Pro EX HMI v.4.01.000 WinGP.exe File Upload. old 0day of ours, probably now public.

Agora 3.03:
  - CuteNews 2.1.2 - Arbitrary File Deletion
  - I-DoIt 1.14.1 - Arbitrary File Deletion
  - Webtareas 2.0p6 - Directory Traversal
  - ChopSlider3 WordPress Plugin 3.4 - 'id' SQL Injection. CVE-2020-11530

MedPack 1.36:
  - DICOM Worklist Server Directory Traversal Vulnerability. 1day

ZDA 1.25:
3 new public modules for web related software.

Stay healthy and happy pentesting,
-Gleg's research team
