[Canvas] Gleg Agora, SCADA, Def, ZDA updates
YG
audit at gleg.net
Sat Oct 9 16:33:49 UTC 2021
Dear colleagues, new modules are available for download.
SCADA 2.18:
- ADLINK AD-Logger V1.20 Remote Code Execution Vulnerability. public
- mySCADA myPRO 7 remote discover all ProjectID CVE-2018-11517
- PROMOTIC SCADA v8.0.13 Remote Code Execution Vulnerability [1day] ActiveX
- Pult Online v270 Information leak [0day]
- SmartPTT Local File Inclusion [1Day]
- SmartPTT SCADA 1.1.0.0 Remote Code Execution [1Day]
- WiSCADA 2.0 Remote Arbitrary File Overwrite ActiveX unsafe [1Day]
Agora 3.17:
- Websvn 2.6.0 Remote Code Execution CVE-2021-32305
- osCommerce 2.3.4.1 Remote Code Execution pub
- GLPI 9.5 Unauthenticated User Enumeration [1day]
- WordPress CVE-2021-29447 vuln
- Citrix XenMobile Server Path Traversal Vulnerability CVE-2020-8209
DefPack 1.71:
- Denver IP Camera SHO-110 Unauthenticated Snapshot. pub
- F5 BIG-IP TMUI Directory Traversal Vulnerability CVE-2020-5902
- PLANEX CS-QP50F-ING2 Security Surveillance Smart Camera Remote Configuration Disclosure. pub
- Positive Technologies Maxpatrol 8 and Xspider Remote DoS. pub
- Seagate BlackArmor NAS sg2000-2000.1331 Remote Code Execution. pub
- TG8 Firewall Remote Code Execution. pub
ZDA 1.37 extra exploits:
- Apache 2.4.49 Remote Code Execution CVE-2021-41773
- Confluence Server 7.12.4 - Remote Code Execution (Unauthenticated) CVE-2021-26084
- Gitlab 13.10.3 Unauthenticated User Enumeration. pub
- PHPFusion 9.10.0 Arbitrary User Logout. pub
- Xceed Software Zip for ActiveX File Create Vulnerability [0Day]
Happy pentesting,
Gleg Security team
Follow us on https://twitter.com/GlegExploitPack