Gleg Security

1.98 SCADA pack updates: - MajorDoMo 1.2.0b Information Disclosure , SQLis... two [1Days] - ScadaLTS 1.1 Arbitrary File Upload/Remote Code Execution [1Day]

1.51 Defpack updates: - Bullwark Momentum Series JAWS 1.0 Directory Traversal. public - NVMS 1000 network video monitoring Directory Traversal. public

2.97 Agora updates: - Roxy Fileman 1.4.5 For PHP Arbitrary file delete. public - Roxy Fileman 1.4.5 For PHP Local File Inclusion. public - Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow. CVE-2019-16702 - rimbalinux AhadPOS 1.11 - SQL Injection. public

SCADA 1.97 updates: - Omron PLC 1.0.0 - Denial of Service. public - MajorDoMo 1.2.0b - three nice exploits including RCE. [1Day]s

DefPack 1.50 network devices vulns: - Moxa EDR-810 Information Disclosure. CVE-2019-10963 - Yealink VoIP Phone SIP-T38G Local File Inclusion. public - V-SOL GPON/EPON OLT Platform 2.03 Configuration Download. public

Agora 2.96 : - Freefloat FTP Server Denial of Service. public - Image Viewer CP Gold SDK ActiveX Remote File Create Vulnerability. 1Day - Jobberbase 2.0 CMS SQL injections. public - MOVISTAR BHS_RTA ADSL Router Remote File Disclosure. public

MedPack 1.33: - ezDICOM ActiveX viewer Remote File Overwrite Vulnerability. 1Day

ZDA pack new [0Day]s: Cogent_DataHub_9x, InTouch_Edge_HMI_MobileAccessTask and more

1.49 DefPack: - ZTE ZXHN H108N info disclose. public - XiongMai ip cameras Path Traversal. public - Vivotek IP Cameras Credentials Leakage via Path Traversal

1.96 SCADA Pack: - Siemens SICAM A8000 Series Unauthenticated Remote Denial of Service. CVE-2018-13798 - NetHome 3.0-6ae52 Arbitrary File Upload. [1Day] - LabCollector 5.423 - SQL Injection. public

- Apache Solr 8.2.0 - Remote Code Execution. public - MAPLE Computer WBT SNMP Administrator Remote DoS. public - TheSystem 1.0 - Command Injection. public - Xitami Web Server 2.5 Remote Crash. public

Gleg ZDA pack 1.18 update! 0Day modules + featured public as always available first for ZDA users: SCADA: OpenAPC RCE. [0Day] ; IGSS 9 DoS public. Defense, IOT and general software/devices : AXIS, SIEMENS, MegaPixel, Honeywell... nice IP-Cameras vulns

1.95 SCADA pack: - RapidSCADA 5.7.0 ScadaServer - Directory Traversal. [1Day] - VxWorks TCP Urgent pointer = 0 integer underflow vulnerability. CVE-2019-12255 - BACnet Stack 0.8.6 Denial of Service vulnerability. CVE-2019-12480

1.32 Medpack: - DICOM3 Medical Imaging Solution ActiveX Remote Code Execution Vulnerability. 1Day

1.58 Defpack: - Jovision IP camera Credential Disclosure. public - Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure. public - Fibrehome HG110 Compromise of all configuration details Vulnerability. public - Belkin Router N150 Path Traversal Vulnerability. public

1.47 Defpack: - Cisco RV300 RV320 Information Disclosure. CVE-2019-1653 - Cisco Video Surveillance Operations Manager DirTraversal. public - Path Traversal in Gateway in Mirasys DVMS Workstation. CVE-2018-8727 - 3Com Intelligent Management Center vuln

1.94 SCADA pack: - FANUC Robotics Virtual Robot Controller. CVE-2019-13584 - IntegraXor 8 Stable SCADA Remote Denial of Service [1Day] - XISOM X-Scada Directory Traversal [1Day] - FESTO Designer Studio DirTrav [1Day]

2.93 Agora: - jc21 Nginx Proxy Manager. CVE-2019-15517 - Karenderia Multiple Restaurant System 5.3 - Local File Inclusion. public - Sahi pro 8.x CVE-2019-13063 - pretty often used NCTAudioEditor ActiveX sploit

ZDA updated with 0days: SasCAM_Webcam_Server, Diamond SCADA vuln, Rapid SCADA vuln and more...

1.46 ver. of DefPack contains 3 modules: - FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure. [CVE-2018-13379] - SecuCON NVR Directory Traversal. [public] - Trend Micro Deep Discovery Inspector Commandline Injection. [public]