Gleg Security

SCADA pack 2.39: - GEOVAP Reliance SCADA License Service Remote Denial of Service [1day] - Ipswitch WhatsUp Gold TFTP Server Directory Traversal [1day] - WellinTech Kingview 7.5 SP5 ActiveX File Replace / Create [1day] - WinSystems C-more v6.72 Simulator Remote Crash [1day]

ZDA service 1.58 : - Rukovoditel <=3.3.1 Authenticated Code Execution [0day] Authenticated SQL Injection [0day] another Auth SQL Injection [0day] + File Upload [0day]

DefPack 1.92 latest exploits: - Tenda HG6 v3.3.0 Remote Command Injection - Tenda QoS VPN Router G3 Routers Command Execution - TOTOLINK EX200 300Mbps Wireless N Range Extender Command Injection - TOTOLINK A3100R, A830R, A720R Routers Command Injection

Agora 3.38 latest exploits: - Spring4Shell CVE-2022-22965 - Directory Traversal Vulnerability on Nginx merge slashes - Wordpress CVE-2018-12895 - CVE-2021-22204 RCE in exif

D2 pack latest updates: latest v 3.12 - Tiny PXE WEB Server infoleak 0day - WinAgents TFTP Server file overwrite Vulnerability - ComponentAce Easy Compression Lib RCE - POWERCOM UPSMON PRO for Windows V2.57 infoleak 0day + Capturix , TecIT and more software vulns

ZDA pack (zero and early access service) updated during recent months with 20 exploits and 4 [0days]. Query us for details.

DefPAck( IoT+) : - DLINK DIR850 Insecure Access Control - FLIR AX8 Thermal Camera Unauthenticated Snapshot - Huawei DG8045 Router 1.0 Credential Disclosure - JioFi 4G M2S 1.0.2 Remote Denial of Service

DefPack (IoT+) : - Orange AirBox discover information about currently connected devices - AirBox reset router to factory settings Vuln - Aver EVC300 Unauthenticated Snapshot - Besder 6024PB-XMA501 IP camera Path Traversal - D-Link Router 7200GV2.E1 Remote Command Execution

DefPack (IoT+ pack) new exploits: - Reolink E1 Zoom Camera config files disclosure - Telesquare SDT-CW3B1 1.1.0 Router OS Command Injection - Merit Lilin IP Cameras L series Password Disclosure - Omnia MPX 1.5.0+r1 Path Traversal - Accu-Time Systems MAXIMUS 1.0 Telnet DoS

SCADA+ : - Siemens BACnet Field Panel Path Traversal - Unitronics VISION OPLC IDE 9.8.0 weakness [0day] - Veeder-Root Automated Tank Gauge (ATG) Remote Configuration Disclosure - WellinTech Kingview 7.5 SP5 KvAdoDBGrid ActiveX weakness

Scada+: - CVE-2022-29593 - CVE-2021-40661 - IRAI AUTOMGEN Web Server DoS - Schneider Electric SpaceLogic C-Bus Home Controller OS Command Injection - TEC-IT TWedge Remote Denial of Service - Turck Holding GmbH PACTware4.1 SP6 Software Remote File Overwrite Vulnerability

SCADA pack recent exploits: - Automationdirect C-more v6.74 Simulator Remote Crash [0day] - AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 CVE-2022-23854 - Blink1Control2 <= 2.2.7 CVE-2022-35513 - Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauth Directory Traversal

Agora new exploits: - 389 Directory Server Remote Denial of Service CVE-2022-0918 - Black Box Kvm Extender 3.4.31307 Local File Inclusion and much more available for our clients during last months...

Agora new exploits: - MiniDVBLinux 5.4 Config Download - Slowscript HTTP File Server 1.4.1 Path Traversal CVE-2021-40668 - Syncovery <9.48j CVE-2022-36536 Session Hijack - Wordpress plugin ImageMagick <=1.7.4 Auth RCE - CVE-2021-42171 Zenario 9.0.54156 Arbitrary File Upload

Agora pack new exploits: - Homeseer <= 4.2.16.0 Authenticated 'Categories' XSS - ipUptime Pinkie TFTP Server DirTrav 0day - Morovia Barcode Professional 4 Remote Code Execution - ComponentAce Easy Compression Library RCE - Gitea <=1.16.6 Auth CVE-2022-30781

new D2 pack exploits: - tftpd64 TFTP Server infolead 0day - Tiny PXE TFTP Server infoleak 0day - JVC IP-Camera VN-T216VPRU Unauthenticated infoleak - LG International Axler Router Devices Remote DoS - Tenda AC6 Router Remote Denial of Service - Tenda W15E devices remote infoleak

new D2 pack exploits: - Tiny PXE WEB Server 0day infoleak - ViscomSoft VideoCap ActiveX Vuln - WinAgents TFTP Server for Windows file overwrite - ComponentAce Easy Compression Library Remote Code Execution - POWERCOM UPSMON PRO for Windows V2.57 infoleak 0day

D2 Pack iot exploits for devices: - ACE SECURITY WiP-90113 HD Camera - AirLink101 SkyIPCam1620W - AirLive WL2600CAM Camera - D-Link DAP-2020 CVE-2021-27249 - Humax Digital HG100R - LanProxy CVE-2021-3019 - Wavlink WN530HG4 CVE-2022-34047 and more..

Agora: - Moodle 3.11-3.11.4 Authenticated SQL Injection - HTTP Protocol Stack DOS CVE-2022-21907 - Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion - Serva 4.4.0 WEB Server DirTrav 0day - Webmin 1.984 - Remote Code Execution (Authenticated) CVE-2022-0824 and more...

ZDA: - Chipkin Automation Systems BACnet Object Monitor remote close [0Day] - IRAI AUTOMGEN Web Server DoS [0Day] - TEC-IT TWedge Remote DoS [0Day] - tftpd64 TFTP Server DirTrav 0day - Turck Holding GmbH Software Remote File Overwrite Vulnerability [0Day] - Unitronics [0Day]