Sign-up

VARIoT IoT exploits database

Affected products: vendor, model and version
Type can be e.g: Remote Code Execution or Denial of Service
Look up free text in title and description

VAR-E-201604-0126 CVE-2016-3081
 Apache Struts - Dynamic Method Invocation Remote Code Execution (Metasploit) - Linux remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201604-0434		 EDB ID: 39756
Apache Struts - Dynamic Method Invocation Remote Code Execution (Metasploit). CVE-2016-3081 . remote exploit for Linux platform
VAR-E-201604-0423 No CVE Sony Playstation 4 (PS4) < 2.50 - WebKit Code Execution (PoC) - Hardware local Exploit EDB ID: 44200
Sony Playstation 4 (PS4) < 2.50 - WebKit Code Execution (PoC). CVE-cve 2014-1303 . local exploit for Hardware platform
VAR-E-201603-0237 CVE-2016-2288
 Cogent Datahub 7.3.9 Gamma Script - Local Privilege Escalation - Windows local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201603-0039		 EDB ID: 39630
Cogent Datahub 7.3.9 Gamma Script - Local Privilege Escalation. CVE-2016-2288 . local exploit for Windows platform
VAR-E-201603-0310 CVE-2015-6472
CVE-2015-6473
 WAGO IO PLC 758-870 / 750-849 Credential Management / Privilege Separation

Related entries in the VARIoT vulnerabilities database: VAR-201708-0126, VAR-201708-0127		 No EDB ID
WAGO IO PLC versions 758-870 and 750-849 suffer from weak credential management, lack of privilege separation, insecure ftp configuration, and weak filesystem permissions.
VAR-E-201602-0212 CVE-2016-2511
CVE-2018-16144
CVE-2018-16145
CVE-2018-16146
CVE-2018-16147
CVE-2018-16148
 WebSVN 2.3.3 Cross Site Scripting Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201809-0905, VAR-201809-0906, VAR-201809-0903, VAR-201809-0904, VAR-201809-0902		 No EDB ID
VAR-E-201602-0156 No CVE Samsung Galaxy S6 - 'android.media.process' 'MdConvertLine' Face Recognition Memory Corruption - Android dos Exploit EDB ID: 39425
Samsung Galaxy S6 - 'android.media.process' 'MdConvertLine' Face Recognition Memory Corruption.. dos exploit for Android platform
VAR-E-201602-0078 No CVE Samsung Galaxy S6 - libQjpeg je_free Crash - Android dos Exploit EDB ID: 39424
Samsung Galaxy S6 - libQjpeg je_free Crash.. dos exploit for Android platform
VAR-E-201601-0194 No CVE WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery - PHP webapps Exploit EDB ID: 39384
WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery.. webapps exploit for PHP platform
VAR-E-201601-0361 No CVE Netgear WNR1000v4 - Authentication Bypass - Hardware webapps Exploit EDB ID: 39356
Netgear WNR1000v4 - Authentication Bypass.. webapps exploit for Hardware platform
VAR-E-201601-0414 No CVE Netgear WNR1000v4 - Authentication Bypass Vulnerability No EDB ID
VAR-E-201601-0549 No CVE ZyXel WAP3205 Cross Site Scripting No EDB ID
ZyXel WAP3205 suffers from multiple cross site scripting vulnerabilities.
VAR-E-201601-0355 CVE-2015-8088
 Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation - Hardware local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201601-0395		 EDB ID: 44306
Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation. CVE-2015-8088 . local exploit for Hardware platform
VAR-E-201601-0513 No CVE AVM FRITZ!Box < 6.30 - Buffer Overflow Vulnerability No EDB ID
VAR-E-201601-0134 No CVE AVM FRITZ!Box < 6.30 - Remote Buffer Overflow - Hardware remote Exploit EDB ID: 39194
AVM FRITZ!Box < 6.30 - Remote Buffer Overflow. CVE-132698 . remote exploit for Hardware platform
VAR-E-201601-0317 CVE-2015-6841
 Silent Circle Blackphone CVE-2015-6841 Security Bypass Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201601-0687		 No EDB ID
Silent Circle Blackphone is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Successful exploits may lead to other attacks.
VAR-E-201601-0518 CVE-2015-8687
 Alcatel Lucent Home Device Manager Cross Site Scripting

Related entries in the VARIoT vulnerabilities database: VAR-201703-0219		 No EDB ID
The Alcatel Lucent Home Device Manager management console suffers from multiple cross site scripting vulnerabilities.
VAR-E-201512-0467 CVE-2015-7917
 OPC Systems.NET CVE-2015-7917 DLL Loading Local Privilege Escalation Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201512-0014		 No EDB ID
OPC Systems.NET is prone to a local privilege-escalation vulnerability. Attackers can exploit this issue remotely by placing the files in a remotely accessible SMB or WebDAV share location. A local attacker can leverage this issue to execute arbitrary code with application privileges.
VAR-E-201512-0292 No CVE ASUS RT-N15U Code Execution / XSS / Open Redirect No EDB ID
ASUS RT-N15U suffers from code execution, cross site request forgery, cross site scripting, and open redirection vulnerabilities.
VAR-E-201511-0432 No CVE Belkin N150 Wireless Home Router Multiple Security Vulnerabilities No EDB ID
Belkin N150 Wireless Home Router is prone to the following security vulnerabilities: 1. An HTML-Injection Vulnerability 2. A session-hijacking Vulnerability 3. An insecure default-password vulnerability 4. A cross-site request-forgery vulnerability An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks.
VAR-E-201511-0134 CVE-2015-8300
 Polycom BTOE Connector 2.3.0 Local Privilege Escalation

Related entries in the VARIoT vulnerabilities database: VAR-201708-0153		 No EDB ID
Polycom BToE Connector up to version 2.3.0 allows unprivileged windows users to execute arbitrary code with SYSTEM privileges.