VARIoT IoT exploits database

Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery. CVE-2016-7454 . webapps exploit for Hardware platform

NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin).. webapps exploit for PHP platform

NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections.. webapps exploit for PHP platform

NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion.. webapps exploit for PHP platform

NUUO NVRmini 2 3.0.8 - Local File Disclosure.. webapps exploit for PHP platform

NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access.. webapps exploit for PHP platform

NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock).. webapps exploit for CGI platform

NUUO NVRmini 2 3.0.8 - Remote Code Execution.. webapps exploit for PHP platform

MuPDF is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. Due to the nature of this issue, code execution may be possible but this has not been confirmed.

Huawei eSpace IAD suffers from an information disclosure vulnerability.

PHP is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successful exploits may allow an attacker to inject and run arbitrary code or obtain sensitive information that may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition.

Neoscreen is prone to multiple security vulnerabilities. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data or to bypass authentication mechanism; that may aid in further attacks. Neoscreen 4.5 is vulnerable; other versions may also be affected.

The Technicolor TC7200 suffers from session management issues and also uses a fixed password for backup file encryption. Proof of concept code included.

GE Proficy HMI SCADA CIMPLICITY is prone to a local privilege escalation vulnerability. An attacker can exploit this vulnerability to gain elevated privileges. This may aid in further attacks. GE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable.

Lenovo ThinkPad is prone to a local privilege escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code with administrative privileges in the context of the System Management Mode.

Lenovo ThinkPad - System Management Mode Arbitrary Code Execution.. local exploit for Windows platform

The Linux kernel is prone to a local heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Local attackers may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the kernel, denying service to legitimate users.

Multiple SAP Business applications running on SAP Java platforms are prone to a remote code-execution vulnerability. An attacker may leverage this issue to execute arbitrary script code within the context of the affected application. Note : This issue is the result of an incomplete fix for the issue described in 48925 (SAP Netweaver Invoker Servlet Remote Code Execution Vulnerability).

NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities. CVE-2015-6024CVE-2015-6023 . webapps exploit for CGI platform

Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Kernel Loader.. local exploit for Hardware platform