VARIoT IoT exploits database

VAR-E-201609-0052 No CVE D-Link DWR-932B Backdoors / Default WPS PIN No EDB ID
D-Link DWR-932B suffers from backdoor accounts, default WPS PIN, weak WPS PIN generation, and various other bad security practices and issues.
VAR-E-201609-0536 No CVE TP-Link Archer CR-700 Cross Site Scripting No EDB ID
TP-Link Archer CR-700 suffers from a cross site scripting vulnerability.
VAR-E-201609-0022 No CVE TP-Link Archer CR-700 - Cross-Site Scripting - Hardware webapps Exploit EDB ID: 40432
TP-Link Archer CR-700 - Cross-Site Scripting. Webapps exploit for Hardware platform.
VAR-E-201609-0074 CVE-2016-10699
D-Link DSL-2740E ADSL Router Multiple HTML Injection Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201710-0058
No EDB ID
D-Link DSL-2740E ADSL Router is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-E-201609-0259 CVE-2016-4526
ABB DataManagerPro CVE-2016-4526 DLL Loading Local Code Execution Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201609-0334
No EDB ID
ABB DataManagerPro is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. A local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. ABB DataManagerPro versions 1.0.0 through 1.7.0 are vulnerable.
VAR-E-201609-0059 No CVE ASUS RT-N10 CSRF / Code Execution / XSS / Open Redirection No EDB ID
ASUS RT-N10 routers suffer from code execution, cross site request forgery, open redirection, and cross site scripting vulnerabilities.
VAR-E-201609-0010 CVE-2016-6664
CVE-2016-5617
CVE-2016-5195
CVE-2016-6662
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation - Linux local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201611-0386
EDB ID: 40679
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation. CVE-2016-6664, CVE-2016-5617. Local exploit for Linux platform.
VAR-E-201609-0013 CVE-2016-5195
CVE-2016-6664
CVE-2016-6662
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method) - Linux local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201611-0386
EDB ID: 40847
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method). CVE-2016-5195. Local exploit for Linux platform.
VAR-E-201609-0015 CVE-2016-5195
CVE-2016-6664
CVE-2016-6662
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method) - Linux local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201611-0386
EDB ID: 40611
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method). CVE-2016-5195. Local exploit for Linux platform.
VAR-E-201609-0009 CVE-2016-6663
CVE-2016-5616
CVE-2016-5195
CVE-2016-6662
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition - Linux local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201611-0386
EDB ID: 40678
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition. CVE-2016-6663, CVE-2016-5616. Local exploit for Linux platform.
VAR-E-201609-0014 CVE-2016-5195
CVE-2016-6664
CVE-2016-6662
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method) - Linux local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201611-0386
EDB ID: 40839
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method). CVE-2016-5195. Local exploit for Linux platform.
VAR-E-201609-0011 CVE-2016-5195
CVE-2016-6664
CVE-2016-6662
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method) - Linux local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201611-0386
EDB ID: 40616
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method). CVE-2016-5195. Local exploit for Linux platform.
VAR-E-201609-0012 CVE-2016-6662
CVE-2016-5195
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation - Linux local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201611-0386
EDB ID: 40360
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation. CVE-2016-6662. Local exploit for Linux platform.
VAR-E-201609-0008 CVE-2016-5195
CVE-2016-6664
CVE-2016-6662
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method) - Linux local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201611-0386
EDB ID: 40838
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method). CVE-2016-5195. Local exploit for Linux platform.
VAR-E-201609-0007 No CVE Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC) - Hardware local Exploit EDB ID: 44199
Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC). Local exploit for Hardware platform.
VAR-E-201609-0551 No CVE Belkin F9K1122v1 1.00.30 Buffer Overflow / Cross Site Request Forgery No EDB ID
Belkin F9K1122v1 version 1.00.30 suffers from a buffer overflow vulnerability that can be leveraged via cross site request forgery.
VAR-E-201609-0073 No CVE Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery) - Hardware webapps Exploit EDB ID: 40332
Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery). Webapps exploit for Hardware platform.
VAR-E-201608-0103 No CVE ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation - Windows local Exploit EDB ID: 40323
ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation. Local exploit for Windows platform.
VAR-E-201608-0267 CVE-2016-6366
Cisco ASA 8.x - 'EXTRABACON' Authentication Bypass - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201608-0222
EDB ID: 40258
Cisco ASA 8.x - 'EXTRABACON' Authentication Bypass. CVE-2016-6366. Remote exploit for Hardware platform.
VAR-E-201608-0009 CVE-2016-0856
Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow

Related entries in the VARIoT vulnerabilities database: VAR-201601-0038
EDB ID: 40245