VARIoT IoT exploits database
| VAR-E-201511-0599 | No CVE | D-Link DIR-615 'PING' and 'Send Email' Multiple Buffer Overflow Vulnerabilities | No EDB ID |
D-Link DIR-615 is prone to multiple buffer-overflow vulnerabilities because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffer.
Attackers may leverage these issues to execute arbitrary code in the context of the affected device. Failed exploits may result in denial-of-service conditions.
| VAR-E-201511-0178 | No CVE | Multiple D-Link Products Multiple Buffer Overflow and Command Injection Vulnerabilities | No EDB ID |
Multiple D-Link products are prone to multiple buffer-overflow vulnerabilities and a command injection vulnerability.
Attackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions.
| VAR-E-201511-0315 | No CVE | D-Link DGL5500 'HNAP' Functionality Buffer Overflow Vulnerability | No EDB ID |
D-Link DGL5500 is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffer.
Attackers may leverage this issue to execute arbitrary code in the context of the affected device. Failed exploits may result in denial-of-service conditions.
| VAR-E-201511-0496 | No CVE | D-Link DIR-890L/R Multiple Buffer Overflow Vulnerabilities | No EDB ID |
D-Link DIR-890L and DIR-890R are prone to multiple buffer-overflow vulnerabilities because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffer.
Attackers may leverage these issues to execute arbitrary code in the context of the affected device. Failed exploits may result in denial-of-service conditions.
| VAR-E-201511-0494 |
CVE-2015-3628 |
F5 iControl - 'iCall::Script' Root Command Execution (Metasploit) - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201512-0554 | EDB ID: 38764 |
F5 iControl - 'iCall::Script' Root Command Execution (Metasploit). CVE-2015-3628CVE-127111 . remote exploit for Hardware platform
| VAR-E-201511-0103 |
CVE-2015-7254 |
Huawei Router HG532e - Command Execution - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201511-0079 | EDB ID: 45991 |
Huawei Router HG532e - Command Execution. CVE-2015-7254 . webapps exploit for Hardware platform
| VAR-E-201511-0233 |
CVE-2015-7896 |
Samsung Galaxy S6 - libQjpeg DoIntegralUpsample Crash - Android dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201708-0035 | EDB ID: 38612 |
Samsung Galaxy S6 - libQjpeg DoIntegralUpsample Crash. CVE-2015-7896CVE-129756 . dos exploit for Android platform
| VAR-E-201511-0064 |
CVE-2015-7897 |
Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption - Android dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201511-0020 | EDB ID: 38611 |
Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption. CVE-2015-7897CVE-129755 . dos exploit for Android platform
| VAR-E-201511-0065 |
CVE-2015-7894 |
Samsung - libQjpeg Image Decoding Memory Corruption - Android dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201708-0034 | EDB ID: 38614 |
Samsung - libQjpeg Image Decoding Memory Corruption. CVE-2015-7894CVE-129758 . dos exploit for Android platform
| VAR-E-201511-0107 |
CVE-2015-7895 |
Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash - Android dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201706-0020 | EDB ID: 38613 |
Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash. CVE-2015-7895 . dos exploit for Android platform
| VAR-E-201511-0108 |
CVE-2015-7895 |
Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash
Related entries in the VARIoT vulnerabilities database: VAR-201706-0020 | EDB ID: 39024 |
| VAR-E-201511-0182 |
CVE-2015-7898 |
Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash - Android dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201706-0021 | EDB ID: 38610 |
Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash. CVE-2015-7898 . dos exploit for Android platform
| VAR-E-201510-0188 | No CVE | Multiple Routers Clickjacking Vulnerability | No EDB ID |
Multiple Routers are prone to a clickjacking vulnerability because it fails to perform validity checks on certain user actions through HTTP requests.
Successful exploits will allow an attacker to compromise the affected device or obtain sensitive information. Other attacks are also possible.
| VAR-E-201510-0033 |
CVE-2015-7893 |
Samsung SecEmailUI - Script Injection - Android remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201704-0051 | EDB ID: 38554 |
Samsung SecEmailUI - Script Injection. CVE-2015-7893CVE-129520 . remote exploit for Android platform
| VAR-E-201510-0004 |
CVE-2015-7925 CVE-2015-7926 CVE-2015-7929 CVE-2015-7927 CVE-2015-7928 CVE-2015-3970 CVE-2015-3967 CVE-2015-3969 CVE-2015-3968 CVE-2015-3973 CVE-2015-3971 CVE-2015-3972 CVE-2015-7924 |
XZERES 442SR Wind Turbine XSS
Related entries in the VARIoT vulnerabilities database: VAR-201512-0020, VAR-201512-0021, VAR-201512-0022, VAR-201512-0017, VAR-201512-0018, VAR-201512-0019 | No EDB ID |
| VAR-E-201510-0189 | No CVE | HP Photosmart B210 Printer SMB server Denial of Service Vulnerability | No EDB ID |
HP Photosmart B210 Printer is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service condition.
| VAR-E-201510-0021 |
CVE-2015-6018 |
ZYXEL PMG5318-B20A - OS Command Injection - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201512-0084 | EDB ID: 38455 |
ZYXEL PMG5318-B20A - OS Command Injection. CVE-2015-6018CVE-128874 . webapps exploit for Hardware platform
| VAR-E-201510-0276 | No CVE | ZTE ZXHN H108N Unauthenticated Configuration Download | No EDB ID |
ZTE ZXHN H108N suffers from an unauthenticated configuration download vulnerability.
| VAR-E-201510-0135 | No CVE | Multiple NetGear Routers Remote Authentication Bypass Vulnerability | No EDB ID |
Multiple NetGear Routers are prone to a remote authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions.
| VAR-E-201509-0120 | No CVE | Western Digital My Cloud Command Injection | No EDB ID |
Western Digital My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 suffer from a command injection vulnerability.