VARIoT IoT exploits database

VAR-E-201609-0052 | No CVE | D-Link DWR-932B Backdoors / Default WPS PIN | No EDB ID |
D-Link DWR-932B suffers from backdoor accounts, default WPS PIN, weak WPS PIN generation, and various other bad security practices and issues.
VAR-E-201609-0536 | No CVE | TP-Link Archer CR-700 Cross Site Scripting | No EDB ID |
TP-Link Archer CR-700 suffers from a cross site scripting vulnerability.
VAR-E-201609-0022 | No CVE | TP-Link Archer CR-700 - Cross-Site Scripting - Hardware webapps Exploit | EDB ID: 40432 |
TP-Link Archer CR-700 - Cross-Site Scripting. Webapps exploit for Hardware platform.
VAR-E-201609-0074 | CVE-2016-10699 | D-Link DSL-2740E ADSL Router Multiple HTML Injection Vulnerabilities | Related entries in the VARIoT vulnerabilities database: VAR-201710-0058 | No EDB ID |
D-Link DSL-2740E ADSL Router is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-E-201609-0259 | CVE-2016-4526 | ABB DataManagerPro CVE-2016-4526 DLL Loading Local Code Execution Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201609-0334 | No EDB ID |
ABB DataManagerPro is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input.
A local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application.
ABB DataManagerPro versions 1.0.0 through 1.7.0 are vulnerable.
VAR-E-201609-0059 | No CVE | ASUS RT-N10 CSRF / Code Execution / XSS / Open Redirection | No EDB ID |
ASUS RT-N10 routers suffer from code execution, cross site request forgery, open redirection, and cross site scripting vulnerabilities.
VAR-E-201609-0010 | CVE-2016-6664 CVE-2016-5617 CVE-2016-5195 CVE-2016-6662 | MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation - Linux local Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201611-0386 | EDB ID: 40679 |
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' System User Privilege Escalation. CVE-2016-6664, CVE-2016-5617. Local exploit for Linux platform.
VAR-E-201609-0013 | CVE-2016-5195 CVE-2016-6664 CVE-2016-6662 | Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method) - Linux local Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201611-0386 | EDB ID: 40847 |
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method). CVE-2016-5195. Local exploit for Linux platform.
VAR-E-201609-0015 | CVE-2016-5195 CVE-2016-6664 CVE-2016-6662 | Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method) - Linux local Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201611-0386 | EDB ID: 40611 |
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method). CVE-2016-5195. Local exploit for Linux platform.
VAR-E-201609-0009 | CVE-2016-6663 CVE-2016-5616 CVE-2016-5195 CVE-2016-6662 | MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition - Linux local Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201611-0386 | EDB ID: 40678 |
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition. CVE-2016-6663, CVE-2016-5616. Local exploit for Linux platform.
VAR-E-201609-0014 | CVE-2016-5195 CVE-2016-6664 CVE-2016-6662 | Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method) - Linux local Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201611-0386 | EDB ID: 40839 |
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method). CVE-2016-5195. Local exploit for Linux platform.
VAR-E-201609-0011 | CVE-2016-5195 CVE-2016-6664 CVE-2016-6662 | Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method) - Linux local Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201611-0386 | EDB ID: 40616 |
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (SUID Method). CVE-2016-5195. Local exploit for Linux platform.
VAR-E-201609-0012 | CVE-2016-6662 CVE-2016-5195 | MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation - Linux local Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201611-0386 | EDB ID: 40360 |
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation. CVE-2016-6662. Local exploit for Linux platform.
VAR-E-201609-0008 | CVE-2016-5195 CVE-2016-6664 CVE-2016-6662 | Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method) - Linux local Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201611-0386 | EDB ID: 40838 |
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW PTRACE_POKEDATA' Race Condition (Write Access Method). CVE-2016-5195. Local exploit for Linux platform.
VAR-E-201609-0007 | No CVE | Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC) - Hardware local Exploit | EDB ID: 44199 |
Sony Playstation 4 (PS4) 3.15 < 3.55 - WebKit Code Execution (PoC). Local exploit for Hardware platform.
VAR-E-201609-0551 | No CVE | Belkin F9K1122v1 1.00.30 Buffer Overflow / Cross Site Request Forgery | No EDB ID |
Belkin F9K1122v1 version 1.00.30 suffers from a buffer overflow vulnerability that can be leveraged via cross site request forgery.
VAR-E-201609-0073 | No CVE | Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery) - Hardware webapps Exploit | EDB ID: 40332 |
Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery). Webapps exploit for Hardware platform.
VAR-E-201608-0103 | No CVE | ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation - Windows local Exploit | EDB ID: 40323 |
ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation. Local exploit for Windows platform.
VAR-E-201608-0267 | CVE-2016-6366 | Cisco ASA 8.x - 'EXTRABACON' Authentication Bypass - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201608-0222 | EDB ID: 40258 |
Cisco ASA 8.x - 'EXTRABACON' Authentication Bypass. CVE-2016-6366. Remote exploit for Hardware platform.
VAR-E-201608-0009 | CVE-2016-0856 | Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow | Related entries in the VARIoT vulnerabilities database: VAR-201601-0038 | EDB ID: 40245 |