Agora Exploitation Pack for CANVAS. Due to the product continuous update in nature, so we prepare this post for those who interest to know what is include inside. Latest update will be show on the top, while older update will be auto show below. This post will keep update and the post date will follow the latest date, so it will show one post date, rather than multiple post for hassle free reading in one post. This post is about CANVAS Exploitation Pack (CEP) Agora, it need to be use with CANVAS Exploitation Testing Framework. Feel free to contact E-SPIN for product and related matter.
Agora Exploitation Pack for CANVAS Product Overview
The Agora Pack was released by GLEG research team in the beginning of 2008.
The Pack is a successor of Argeniss ultimate 0day pack, which was developed since 2006 and acquired by GLEG in 2008.
More than 50 database modules contained in Argeniss pack were redesigned and included to Agora.
The Pack is continuously enhanced and now contains more than 550 modules.
To keep exploit pack always actual, we provide monthly updates with 3-7 modules for most valuable fresh vulns.
Current updates are focused on Web related software and a value add: defense bypass + database modules.
The Agora Pack features:
- Fresh & unpatched stuff each month – 3-7 modules
- Modules for latest mainstream WEB related software
- Value add: Modules to defeat the defense, hack the database etc.
- New attack techniques
2022-Sep-24 Agora 3.26:
– FreeSWITCH <= v1.10.6 Denial of Service CVE-2021-41145
– LogicalDOC Enterprise 7.7.4 Directory Traversal Vulnerabilitiy. public
– phpIPAM <1.4.5 Authenticated SQL Injection CVE-2022-23046
– SolarView Compact 6.0 OS Command Injection CVE-2022-29303 more..
2022-Aug-18 Agora pack 3.25:
– Home Web Server 1.9.1 (build 164) Remote Code Execution. public
– SAP NetWeaver AS JAVA (LM Configuration Wizard) Directory Traversal. public
– Struts2 CVE-2021-31805 Remote Code Execution
– CVE-2022-36446 Webmin 1.996 Auth Command injection
2022-Jun-30 Agora 3.24
– OpenRemote IP Block Bypass [1day]
– Xerte 3.9 Remote Code Execution CVE-2021-44664
– MyBB >= 1.2.0, < 1.8.30 Remote Code Execution CVE-2022-24734
– CVE-2022-0824 Webmin 1.984 Remote Code Exection
2022-May-19 Agora 3.23
– CouchDB 3.2.1 CVE-2022-24706 Remote Code Execution
– OpenHAB 3.2.0 Authenticated Remote Code Execution. public
– PHPFusion 9.10.11 User Enumeration [1day]
– XenMobile leaks device information including personal data. and more
2022-Apr-9 Agora 3.22
– Confluence Server 7.12.4 – RCE(Unauth) CVE-2021-26084
– Gitlab 13.10.3 Unauth User Enumeration. public
– Handysoft Co., Ltd Groupware ActiveX Vuln [1day]
– Next.js directory traversal vulnerability CVE-2020-5284
– PHPFusion 9.10.0 Arbitrary User Logout. public
2022-Feb-10 Agora 3.21 :
– GLPI 9.5 Authenticated SQL Injection [1Day]
– TELEFONE IP TIP200/200 Dir Trav. public
– Payara Micro Community Info Disclosure CVE-2021-41381
– Handysoft Groupware RCE CVE-2021-26608
– Apache 2.4.50 Remote Code Execution CVE-2021-42013
2022-Jan-19 Agora 3.20
– Atlassian Jira Server/Data Center 8.16.0 Cross-Site Scripting. CVE-2021-26078
– GitLab 13.10.2 rce CVE-2021-22205
– CVE-2021-28164 Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224 infoleak
– GLPI 9.5 Authenticated SQL Injection. [1Day]
2021-Dec-10 Agora 3.19:
– PHPFusion 9.10.0 User Enumeration [1 Day]
– Webmin 1.973 Cross-Site Request Forgery to RCE. CVE-2021-31761
– ReQuest Serious Play F3 Media Server Remote Denial of Service. pub
– Mini Mouse 9.2.0 RCE. pub
– Mini Mouse 9.2.0 Directory Traversal. pub
2021-Nov-13 Agora 3.18:
– CVE-2021-41773, CVE-2021-42013 Apache HTTP Server 2.4.49, 2.4.50 RCE
– GitLab 12.9.0 DirTrav CVE-2020-10977
– GLPI 9.5 Auth File Delete. [1 Day]
– GLPI 9.5 Unauth Password Change PoC. [1 Day]
– IPS Community Suite <= 4.5.4.2 PHP Code Injection
2021-Oct-9 Agora 3.17:
– Websvn 2.6.0 Remote Code Execution CVE-2021-32305
– osCommerce 2.3.4.1 Remote Code Execution pub
– GLPI 9.5 Unauthenticated User Enumeration [1 day]
– wordpress CVE-2021-29447 vuln
– Citrix XenMobile Server Path Traversal Vulnerability CVE-2020-8209
and more…
2021-Sep-12 Agora 3.16
– AGG Private Business Exchange Data Logger infoleak. [1 day]
– GLPI 9.5 Authenticated Stored CSS Injection [1 day]
– LibreNMS 21.3.0 Persistent Cross-Site Scripting [1 day]
– Node-RED-Dashboard before 2.26.2 Directory Traversal Vulnerability. CVE-2021-3223 and more…
2021-Aug-4 Agora 3.15
– VTENEXT 19 RCE [1day]
– CentOS Web Panel idsession root RCE. CVE-2021-31324
– GravCMS AdminPlugin 1.10.7 UnauthArbitrary YAML Write. RCE. CVE-2021-21425
– Black Ice, Codejock Xtreme Suite and HexaTech ActiveXs exploits [1day]
2021-Jul-13 Agora 3.14:
– Windows IIS Server DoS. CVE-2021-31166
– Apache Airflow 1.10.10 – Remote Code Execution. CVE-2020-11978, CVE-2020-13927
– Chamilo LMS 1.11.14 – RCE CVE-2021-31933
– FOGProject 1.5.9 – File Upload RCE (Auth)
– Hasura GraphQL 1.3.3 – RCE and more…
2021-Jun-10 Agora 3.13:
– MyBB 1.8.25 Poll Vote Count SQLi CVE-2021-27946
– Mantis Bug Tracker 2.24.3 ‘access’ SQLi CVE-2020-28413
– vBulletin 5.0.0 to 5.5.4 RCE CVE-2019-16759
– TestLink 1.9.20 RCE CVE-2020-8639
– VisualWare MyConnection Server 11.x Remote Code Execution CVE-2021-27198
2021-May-27 Agora 3.12:
– Apache 2.4.7 mod_status Denial of Service. pub
– Apache Druid <0.20.1 Remote Code Execution. CVE-2021-25646
– Apache Unomi 1.5.1 Remote code execution CVE-2020-13942
– Batflat CMS 1.3.6 – Remote Code Execution CVE-2020-35734
2021-Apr-5 Agora 3.11:
– Tekla Web Viewer Remote File Create Vulnerability [1day]
– Sonatype Nexus 3.21.1 Remote Code Execution. CVE-2020-10199
– EyesOfNetwork 5.3 Local File Inclusion. pub
– Apache Tomcat DoS. CVE-2020-13935.
– Apache Flink 1.11.x Unauth File Read. 2020-17519
2021-Mar-12 Agora 3.10:
– WordPress W3 Total Cache 0.9.3 Directory Traversal. pub
– WordPress Duplicator 1.3.26 Directory Traversal. pub
– Sentrifugo 3.2 – File Upload Restriction Bypass. pub
– Jenkins 2.235.3 – Stored XSS. CVE-2020-2230
– Apache Tomcat – CVE-2020-1938 (Ghostcat)
2021-Jan-30 Agora 3.09:
– Apache Flink 1.9.1 File Upload RCE (Unauthenticated). pub
– EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture. CVE-2020-15688
– GOautodial 4.0 Remote Code Execution. pub
– TextPattern CMS 4.8.3 Remote Code Execution. pub
2021-Jan-15 Agora 3.08:
– aaPanel 6.6.6 Remote Code Execution. CVE-2020-14421
– DynPG 4.9.1 Persistent Cross-Site Scripting. public
– Oracle WebLogic Server Unauthenticated RCE via GET request. CVE-2020-14882
– SEO Panel 4.6.0 Remote Code Execution. public
2020-Dec-4 Agora 3.07:
– Oracle Business Intelligence Enterprise Edition getPreviewImage Directory Traversal. public
– Easy Transfer 1.7 Directory Traversal. public
– GOautodial 4.0 – Persistent Cross-Site Scripting. public
– Mantis Bug Tracker 2.3.0 RCE. CVE-2019-15715
2020-Nov-14 Agora 3.06 new public exploits:
– CiscoKits CertificationKits TFTP Server DirTrav
– Grafana 7.0.1 – Denial of Service. CVE-2020-13379
– Wing FTP Server 6.3.8 – Remote Code Execution.
– Joomla Plugin XCloner Backup 3.5.3 – DirTrav
– ZenTao Pro 8.8.2 – Remote Code Execution.
2020-Oct-5 Agora 3.05 :
– Bludit 3.9.2 – Remote Code Execution. CVE-2019-16113
– Filetto 1.0 – ‘FEAT’ Denial of Service. public
– Konica Minolta FTP Utility 1.0 – ‘LIST’ Denial of Service. public
– Virtual Airlines Manager 2.6.2 – ‘notam’ SQL Injection. public
2020-Sep-4 Agora 3.04 ver:
– Shopping Website 1.11.1 ‘bilingstate’ – SQL Injection. 1day
– School ERP System 1.0 Arbitrary File Upload. 1day
– Rukovoditel Project Management CRM 2.6 Directory Traversal. 1day
– CHMBAC Student Management System Arbitrary File Upload. 1day
2020-Aug-3 Agora 3.03:
– CuteNews 2.1.2 – Arbitrary File Deletion
– I-DoIt 1.14.1 – Arbitrary File Deletion
– Webtateas 2.0p6 – Directory Traversal
– ChopSlider3 WordPress Plugin3.4 – ‘id’ SQL Injection. CVE-2020-11530
2020-Jun-3 Agora 3.01:
– LabCollector 6.0 Arbitrary File Upload. [1Day]
– LabCollector 6.0 Local File Inclusion. [1Day]
– Sysaid 20.1.11 b26 – Directory Traversal. [1Day]
– Quick N Easy Web Server 3.3.8 – Denial of Service. public
2020-Feb-29 Agora 2.98:
– Voyager 1.3.0 – Directory Traversal. public
– Online Book Store 1.0 – SQL Injection. public
– Online Book Store 1.0 – Unauthenticated Remote Code Execution. public
– Crystal Live HTTP Server 6.01 Directory Traversal. public
2019-Aug-10 2.82 ver. of Agora contains following addition:
2020-Jan-28 2.97 Agora updates:
– Roxy Fileman 1.4.5 For PHP Arbitrary file delete. public
– Roxy Fileman 1.4.5 For PHP Local File Inclusion. public
– Integard Pro NoJs 2.2.0.9026 – Remote Buffer Overflow. CVE-2019-16702
– rimbalinux AhadPOS 1.11 – SQL Injection. public
2019-Dec-31 Agora 2.96 :
– Freefloat FTP Server Denial of Service. public
– Image Viewer CP Gold SDK ActiveX Remote File Create Vulnerability. 1Day
– Jobberbase 2.0 CMS SQL injections. public
– MOVISTAR BHS_RTA ADSL Router Remote File Disclosure. public
2019-Sep-29 2.93 Agora:
– jc21 Nginx Proxy Manager. CVE-2019-15517
– Karenderia Multiple Restaurant System 5.3 – Local File Inclusion. public
– Sahi pro 8.x CVE-2019-13063
– pretty often used NCTAudioEditor ActiveX sploit
2019-Sep-1 2.92 Agora:
– Apache Tika 1.15 – 1.17 – Header Command Injection. [public]
– Apache Tomcat 9 – Remote Code Execution. [public]
– Flightpath – Local File Inclusion. [public]
– Ahsay Backup 7.x – 8.1.1.50 – Authenticated Arbitrary File Upload / Remote Code Execution. [public]
2019-Jul-29 July updates: Agora 2.92
ag_cisco_small_business_sa500_lfi – Cisco Small Business SA500 Series – Local File Inclusion. public
ag_Firefox_68_DoS – Firefox 68.0.1 – funny DoS. public
+
ag_Oracle_Business_Intelligence_DirTrav
and DoS for SysGauge Server 3.6.18
2019-Jul-23 2.90 ver. of Agora contains 2 modules. List:
– most of windows platforms Remote Desktop Denial of Service. public.
2019-Jun-3 2.89 ver. of Agora contains 3 modules. List:
2019-May-21 2.88 ver. of Agora contains 4 modules. List:
– MarcomCentral FusionPro VDP Creator 9.x Directory Traversal. CVE-2019-7751
2019-Jan-27 2.85 ver. of Agora contains 4 modules. List:
2018-Nov-26 2.83 Agora:
– ServersCheck MonitoringDoS [1day]
– Easewe FTP, Touch22 Software ActiveX Controls – 3 modules [1day]
2018-Oct-25 2.82 Agora:
– Navigate CMS 8.2 RCE. CVE 2018-17552, CVE 2018-17553
– Traq 3.7.1 SQL Injection. public
– Cybrotech CyBroHttpServer Directory Traversal. [1day]
– Argus Surveillance DVR 4.0.0.0 devices info leak. CVE-2018-15745.
2018-Sep-26 2.81 Agora :
– Socomec UPS and low voltage monitoring software. LocalView Info Disclosure +
RemoteView PRO AFU RCE. two [1day] modules
– Solarwinds Kiwi Syslog Server Denial of Service [1day]
– Dotclear 2.9.1 Shell Upload Vulnerability. [public]
2018-Aug-29 2.80 Agora contains 4 [1day] modules:
– Antamedia HotSpot WiFi management infoleak. [1day]
– Antamedia Internet Cafe Denial of Service. [1day]
– GrapeCity spreadcom ActiveX Control Remote Code Execution Vulnerability. [1day]
– MiniWeb HTTP server Directory Traversal. [1day]
2018-Jul-30 2.79 Agora new 5 modules:
2018-Jun-25 2.78 Agora:
– Seagate Media Server in Seagate Personal Cloud has Path traversal vulnerability. public
– TerraMaster TOS 3.0.33 – Unauthenticated Remote Command Execution. public
– Typesetter CMS Arbitrary File Disclosure. [1day]
– Typesetter CMS Directory Listing. [1day]
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 – Remote Code Execution [CVE-2018-7600] CloudMe Sync <= v1.10.9 Remote Buffer Overflow [CVE-2018-6892] AxxonSoft Axxon Next – DirTrav [CVE-2018-7467] Wordpress Fastest Cache <= 0.8.7.4 Blind SQL Injection
– ManageEngine Applications Manager – Remote Command Execution
– Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 – Directory Traversal
– Softros Network Time System Server 2.3.4 – Denial of Service
– Trustwave Secure Web Gateway v.11.8.0.27 – Unauthorized Access [CVE-2017-18001] – Microsoft Word .RTF RCE [CVE-2017-0199] – phpCollab 2.5.1 – Unauthenticated File Upload / Remote Code Execution [CVE-2017-6090] – VideoIQ Camera – Local File Disclosure
– WordPress Core DoS CVE-2018-6389 + Smart Google Code plugin SQLi
– phpMyFAQ 2.9.9 RCE
– Netgear ReadyNAS Surveillance Unauth RCE
– Cisco Prime Collaboration Provisioning Auth Bypass / Remote Code Execution
– Apache Tomcat CVE-2017-12617
– Zoho ManageEngine Applications Manager 13 SQL Injection [CVE-2017-16543] – Unitrends UEB 9.1 – Unauthenticated Remote Code Execution [CVE-2017-12477] – Belkin NetCam F7D7601 – Remote Command Execution