[Canvas] Gleg Agora, SCADA, Def, Med and ZDA updates
YG
audit at gleg.net
Mon Apr 5 10:52:39 UTC 2021
Dear colleagues, new modules available for download.
ZDA 1.32: ICS 0days in this release
- SmartPTT SCADA 1.1.0.0 Remote Code Execution [0Day]
- SmartPTT Arbitrary File Upload [0Day]
- WebHMI 4.0.7348 Denial of Service [0Day]
2.12 SCADA+ :
- Advantech iView Missing Authentication RCE (FIXED). CVE-2021-22652
- ADwin software package CD 6.00.28.03 Remote File Create Vulnerability unsafe ActiveX method [1Day]
- Beckhoff TwinCAT 3x EventConfigurator Remote Code Execution Vulnerability unsafe ActiveX method [1Day]
- Schneider Electric ProWORX 32 DXFREADERlib DXFReader.ocx Remote File Create Vulnerability unsafe ActiveX method [1Day]
1.65 DefPAck:
- ZeroShell Linux Router 3.9.3 OS Command Injection. CVE-2020-29390
- Remote Code Execution. CVE-2020-35578
- Intelbras Router RF 301K 1.1.2 - Authentication Bypass. pub
- HIRSCHMANN GECKO Lite Managed switch Configuration Disclosure. pub
- Humax Wi-Fi Router HG100R credential disclosure vulnerability. pub
Agora 3.11:
- Tekla Web Viewer Remote File Create Vulnerability [1day]
- Sonatype Nexus 3.21.1 Remote Code Execution. CVE-2020-10199
- EyesOfNetwork 5.3 Local File Inclusion. pub
- Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104 DoS. CVE-2020-13935.
- Apache Flink 1.11.x Unauthenticated Arbitrary File Read Vulnerability. 2020-17519
MedPack 1.40
- DicomObjects.COM C++ ActiveX library Remote File Create Vulnerability. [1day]
- MediSoft Network Professional Remote Arbitrary File Overwrite. [1day]
Happy pentesting,
Gleg's Security team
Follow us on https://twitter.com/GlegExploitPack