[Canvas] Gleg Agora, SCADA, Def, ZDA updates
YG
audit at gleg.net
Tue Nov 16 18:11:20 UTC 2021
Dear colleagues, new modules are available for download.
SCADA 2.19:
- ARSoft Visual IO SCADA DDE Server Denial of Service [1Day]
- B&R Automation Studio WebServer Denial of Service [1Day]
- SEL AcSELerator Architect 2.2.24 CPU Exhaustion Denial of Service CVE-2018-10608
- Unitronics VisiLogic_C File Create Vulnerability [1Day]
Agora 3.18:
- CVE-2021-41773, CVE-2021-42013 Apache HTTP Server 2.4.49, 2.4.50 dirtrav vulnerability potentially leading to RCE
- GitLab 12.9.0 Directory Traversal CVE-2020-10977
- GLPI 9.5 Authenticated File Delete. [1Day]
- GLPI 9.5 Unauthenticated Password Change PoC. [1Day]
- IPS Community Suite <= 4.5.4.2 PHP Code Injection Vulnerability CVE-2021-32924
- phpMyAdmin 4.8.x before 4.8.2 attacker can include (view and potentially execute) files on the server.
- Xceed Software Zip for ActiveX File Create Vulnerability [1Day]
DefPack 1.72:
- D-Link DSL-2875AL Remote Password Disclosure. pub
- IPCop 2.1.9 Remote Code Execution. pub
- LANCOM R&S Unified Firewalls UF-XXX Relative Path Traversal Vulnerability. pub
- CC8800-CMTS credential disclosure vulnerability. pub
- SV3C L-Series HD Camera Remote Configuration Disclosure CVE-2018-12671
- TBK DVR4104 and DVR4216 Credentials Leak CVE-2018-9995
ZDA 1.38 extra exploits:
- Blue Iris Video_Management Software ActiveX Control Remote Code Execution Vulnerability [0Day]
- GitLab 13.10.2 remote command execution CVE-2021-22205
- Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224 info leak
- DBI Technologies Studio Controls for COM Remote Code Execution unsafe ActiveX method, RCE [0Day]
- IMT Analytics AG FlowAnalyser FlowLab unsafe ActiveX method, RCE. [0Day]
- Mitsubishi Electric & INEA SmartRTU Source Code Disclosure CVE-2021-40382
- SonicWall SMA 10.2.1.0-17sv Password Reset CVE-2021-20034
Happy pentesting,
Gleg Security team
Follow us on https://twitter.com/GlegExploitPack