[Canvas] Gleg Agora, SCADA, Def, ZDA updates

YG audit at gleg.net
Thu Aug 5 17:37:34 UTC 2021

Dear colleagues, new modules available for download.

SCADA 2.16:
  - ioBroker 1.5.14 Directory Traversal Vulnerability. CVE-2019-10767
  - OpenPLC 3 Remote Code Execution. pub
  - ScadaBR 1.0 Arbitrary File Upload. pub
  - SmartPTT Arbitrary File Upload [1Day]
  - SmartPTT Information Disclosure [1Day]

Agora 3.15:
  - VTENEXT 19 Remote Code Execution [1day]
  - CentOS Web Panel idsession root Remote Code Execution. CVE-2021-31324
  - GravCMS AdminPlugin 1.10.7 Unauthenticated Arbitrary YAML Write to RCE. CVE-2021-21425
  - Black Ice Software Image SDK any file Delete Vulnerability [1day]
  - Codejock Xtreme Suite Pro ActiveX 16.3.1 Retail Remote Code Execution Vulnerability [1day]
  - HexaTech ViewPro ActiveX Report Generator Remote Code Execution Vulnerability [1day]

DefPack 1.69:
  - SolarLog 500 2.8.2 Unprotected Storage of Credentials Vulnerability. pub
  - Ambarella Oryx RTSP Server DoS CVE-2020-24918
  - IPFire 2.25 Remote Code Execution CVE-2021-33393
  - JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Config

ZDA 1.35 extra exploits:
  - F5 BIG-IP TMUI Directory Traversal Vulnerability CVE-2020-5902
  - Ricon Industrial Cellular Router S9922XL Remote Command Execution. public
  - Seagate BlackArmor NAS sg2000-2000.1331 RCE. public
  - TG8 Firewall Remote Code Execution. public

Happy pentesting,
Gleg Security team
Follow us on https://twitter.com/GlegExploitPack
