VARIoT IoT exploits database

VAR-E-201708-0487 | CVE-2017-12591 | ASUS DSL-N10S Router CVE-2017-12591 HTML Injection Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201708-0882 | No EDB ID |
ASUS DSL-N10S Router is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
VAR-E-201708-0378 | No CVE | Technicolor TC7337 - SSID Persistent Cross-Site Scripting Vulnerability | No EDB ID |
VAR-E-201708-0006 | CVE-2017-15236 | Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201710-1150 | EDB ID: 44058 |
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure. CVE-2017-15236. webapps exploit for Hardware platform
VAR-E-201708-0138 | CVE-2017-11320 | Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201708-0816 | EDB ID: 42427 |
Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting. CVE-2017-11320. webapps exploit for Hardware platform
VAR-E-201707-0372 | No CVE | Friends In War Make Or Break 1.7 SQL Injection | No EDB ID |
Friends in War Make or Break version 1.7 suffers from a remote SQL injection vulnerability.
VAR-E-201707-0338 | No CVE | Friends In War Make Or Break 1.7 Password Change | No EDB ID |
Friends in War Make or Break version 1.7 suffers from an unauthenticated administrative password change vulnerability.
VAR-E-201707-0389 | No CVE | Friends in War Make or Break 1.7 - SQL Injection Vulnerability | No EDB ID |
VAR-E-201707-0220 | No CVE | Friends in War Make or Break 1.7 - CSRF (Change Admin Password) Vulnerability | No EDB ID |
VAR-E-201707-0291 | No CVE | Friends in War Make or Break 1.7 - Authentication Bypass Vulnerability | No EDB ID |
VAR-E-201707-0382 | No CVE | Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password) - PHP webapps Exploit | EDB ID: 42383 |
Friends in War Make or Break 1.7 - Cross-Site Request Forgery (Change Admin Password). webapps exploit for PHP platform
VAR-E-201707-0009 | No CVE | Friends in War Make or Break 1.7 - SQL Injection - PHP webapps Exploit | EDB ID: 42381 |
Friends in War Make or Break 1.7 - SQL Injection. webapps exploit for PHP platform
VAR-E-201707-0324 | CVE-2017-7936, CVE-2017-7932 | Multiple i.MX Products Multiple Local Security Vulnerabilities | Related entries in the VARIoT vulnerabilities database: VAR-201708-1391, VAR-201708-1393 | No EDB ID |
Multiple i.MX products are prone to multiple local security vulnerabilities.
An attacker may exploit these issues to bypass certain security restrictions and perform unauthorized actions or execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-E-201707-0111 | No CVE | Friends in War Make or Break 1.7 - Authentication Bypass - PHP webapps Exploit | EDB ID: 42379 |
Friends in War Make or Break 1.7 - Authentication Bypass. webapps exploit for PHP platform
VAR-E-201707-0121 | CVE-2017-11519 | TP-Link Archer C9 Router CVE-2017-11519 Security Bypass Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201707-0489 | No EDB ID |
TP-Link Archer C9 Router is prone to a security-bypass vulnerability.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions.
TP-Link Archer C9(UN)_V2_160517 is vulnerable; other versions may also be affected.
VAR-E-201707-0383 | CVE-2017-8953 | HP LoadRunner and Performance Center CVE-2017-8953 Cross Site Scripting Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201802-0734 | No EDB ID |
HP LoadRunner and Performance Center are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site.
VAR-E-201707-0048 | No CVE | Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting - Hardware webapps Exploit | EDB ID: 42307 |
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting. webapps exploit for Hardware platform
VAR-E-201707-0116 | No CVE | Pelco VideoXpert 1.12.105 - Local Privilege Escalation - Windows local Exploit | EDB ID: 42310 |
Pelco VideoXpert 1.12.105 - Local Privilege Escalation. local exploit for Windows platform
VAR-E-201707-0027 | No CVE | Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access) - Hardware webapps Exploit | EDB ID: 42308 |
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access). webapps exploit for Hardware platform
VAR-E-201707-0141 | No CVE | Pelco Sarix/Spectra Cameras - Remote Code Execution - Hardware webapps Exploit | EDB ID: 42309 |
Pelco Sarix/Spectra Cameras - Remote Code Execution. webapps exploit for Hardware platform
VAR-E-201706-0045 | No CVE | Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions Vulnerability | No EDB ID |