[Canvas] Gleg Agora, SCADA, Def, Med, ZDA updates are out

YG audit at gleg.net
Thu Dec 9 17:31:22 UTC 2021

Dear colleagues, new modules available for download.

Agora 3.19:
  - PHPFusion 9.10.0 User Enumeration [1Day]
  - Webmin 1.973 Cross-Site Request Forgery to RCE. CVE-2021-31761
  - ReQuest Serious Play F3 Media Server Remote Denial of Service. pub
  - Mini Mouse 9.2.0 RCE. pub
  - Mini Mouse 9.2.0 Directory Traversal. pub

DefPack 1.73:
  - GV-Mobile Server V1510 Remote File Create Vulnerability [1day]
  - GeoVision GV-Recording Server Remote File Overwrite weakness [1day]
  - Xceed Software Encryption ActiveX weakness [1day]
  - ARD-9808 DVR Card Security Camera Remote Denial of Service. pub

MedPack 1.43:
  - DBI Technologies Studio Controls for COM Remote Code Execution Vulnerability [1day]
  - OpenEMR < 5.0.1 (Path 4) SQL Injection [1day]

SCADA 2.20:
  - ECOA Building Automation System Config file download. pub
  - Digital Sentry Server Remote Arbitrary File Overwrite CVE-2021-27197
  - Samkoon HMI Manager DoS [1Day]
  - Siemens WinCC TIA Portal v13-v16 DoS CVE-2019-19282
  - WiSCADA TsDatabase [1Day] DoS

ZDA 1.39:
  - PHPFusion 9.10.11 User Enumeration [0Day]
  - Bosch Security Systems VideoSDK RCE [0Day]
  - Brainchild Electronic Panel Studio DoS [0Day]
  - Serva 4.4.0 WEB Server DirTrav [0Day]
  - Standa SMCVieW Remote Code Execution Vulnerability Standa [0Day] and more

Happy pentesting,
Gleg Security team
Follow us on https://twitter.com/GlegExploitPack
