[Canvas] Gleg Agora, SCADA, Def, Med, ZDA updates are out

YG audit at gleg.net
Thu Feb 10 13:25:04 UTC 2022

Dear colleagues, new modules available for download.

Agora 3.21
  - GLPI 9.5 Authenticated SQL Injection  [1Day]
  - TELEFONE IP TIP200/200 Dir Trav. public
  - Payara Micro Community Info Disclosure CVE-2021-41381
  - Handysoft Groupware RCE CVE-2021-26608
  - Apache 2.4.50 Remote Code Execution CVE-2021-42013

DefPack 1.75:
- Blue Iris Video_Management Software ActiveX Control Remote Code  
Execution Vulnerability [1day]
  - D-Link DCS-2103 Network Ip Camera Directory Traversal Vulnerability. public
  - Orange Livebox devices  Wi-Fi infoleak
+Tellion and Tiandy devices vulns

SCADA 2.22 :
  - Eaton Visual Designer v7.1 software Remote Code Execution  
Vulnerability [1Day]
  - ICPDAS NAPOPC_ST DA Server [1Day] DoS PoC
  - Keysight Communications Fabric Denial of Service [1Day]
  - Standa SMCVieW Remote Code Execution Vulnerability [1Day]

ZDA 1.41 :
  - OpenHAB 3.2.0 Authenticated Remote Code Execution  [0Day]
  - WebHMI 4.0.7475 Remote Code Execution CVE-2021-43936
  - Vodafone H-500-s 3.5.10 WiFi Password Disclosure. public
  - Fujitsu-Siemens ServerView Remote Command Execution. old public

Happy pentesting,

Gleg Security team
Follow us on https://twitter.com/GlegExploitPack

More information about the Canvas mailing list