[Canvas] Gleg updates

YG audit at gleg.net
Thu Feb 18 20:13:10 UTC 2021

Dear colleagues, new modules available for download.

2.10 SCADA+ :
  - Advantech ActiveDAQ Pro AdvButton.dll Remote Code Execution Vulnerability. unsafe method [1Day]
  - Advantech ActiveDAQ Pro Remote Code Execution Vulnerability. unsafe method [1Day]

1.39 MedPack:
  - MedDream PACS Server 7.1.1 Persistent Cross-Site Scripting [1day]
  - LibreHealth 2.0.0 Remote Code Execution via unsafe activex [1day]

ZDA 1.30:  four unsafe activex 0days in nice software
  - Black Ice Software Image SDK any file Delete Vulnerability.
  - Codejock Xtreme Suite Pro ActiveX 16.3.1 Retail Remote Code Execution
  - HexaTech ViewPro ActiveX RCE
  - Tekla Web Viewer Remote File Create

1.63 DefPack:
  - D-Link DSR-250N 3.12 Denial of Service. CVE-2020-26567
  - HiSilicon Video Encoders Information Disclosure. CVE-2020-24219
  - Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal. pub
  - TP-Link TL-WA855RE  Device Reset Auth Bypass. CVE-2020-24363

Agora 3.09:
  - Apache Flink 1.9.1  File Upload RCE (Unauthenticated). pub
  - EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture.   
  - GOautodial 4.0  Remote Code Execution. pub
  - TextPattern CMS 4.8.3 Remote Code Execution. pub

Happy pentesting,
Gleg's Security team
Follow us on https://twitter.com/GlegExploitPack