[Canvas] Gleg Agora, SCADA, Def updates

YG audit at gleg.net
Thu May 13 17:11:48 UTC 2021

Dear colleagues, new modules available for download.

2.13 SCADA+ :
  - Beckhoff CP-Link 3 CplGfxClient Denial of Service. [1Day]
  - Fernhill SCADA Server Denial of Service. [1Day]
  - Merz MScada Server 2.1.15269.5804 Denial of Service. [1Day]
  - WebHMI 4.0.7348 Persistent Cross-Site Scripting. [1Day]

1.66 DefPack:
  - Dell KACE Systems Management Appliance (K1000) Unauthenticated RCE. pub
  - D-LINK DIR-610 Authenticated RCE. CVE-2020-9377
  - D-LINK DIR-610 Info Disclosure. CVE-2020-9376
  - AndroVideo Advan VD-1 Password Disclosure. CVE-2019-11064

Agora 3.12:
  - Apache 2.4.7 mod_status Denial of Service. pub
  - Apache Druid <0.20.1 Remote Code Execution. CVE-2021-25646
  - Apache Unomi 1.5.1 Remote Code Execution. CVE-2020-13942
  - Batflat CMS 1.3.6 Remote Code Execution. CVE-2020-35734

Happy pentesting,
Gleg's Security team
Follow us on https://twitter.com/GlegExploitPack
