VARIoT IoT exploits database


VAR-E-201509-0053 No CVE Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection - Hardware webapps Exploit EDB ID: 38350
Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection. CVE-128328 . webapps exploit for Hardware platform
VAR-E-201509-0517 No CVE Western Digital My Cloud 04.01.03-421, 04.01.04-422 - Command Injection Vulnerability No EDB ID
VAR-E-201509-0449 CVE-2015-3938
Mitsubishi Melsec FX3G-24M Denial Of Service

Related entries in the VARIoT vulnerabilities database: VAR-201510-0694
No EDB ID
Mitsubishi Melsec FX3G-24M suffers from a denial of service vulnerability.
VAR-E-201509-0122 CVE-2015-6000
CVE-2016-10258
CVE-2016-1713
Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload - CFM webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201704-0310, VAR-202002-0733, VAR-201804-0142
EDB ID: 47392
Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload. CVE-2016-10258 . webapps exploit for CFM platform
VAR-E-201509-0123 CVE-2015-6000
CVE-2016-1713
Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit) - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201704-0310, VAR-202002-0733
EDB ID: 44379
Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit). CVE-2016-1713 . webapps exploit for PHP platform
VAR-E-201509-0121 CVE-2015-6000
CVE-2016-1713
vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201704-0310, VAR-202002-0733
EDB ID: 38345
vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution. CVE-2016-1713, CVE-2015-6000, CVE-128170 . webapps exploit for PHP platform
VAR-E-201509-0256 CVE-2015-6279
CVE-2015-6278
Cisco IOS and IOS XE Software IPv6 Snooping Multiple Denial of Service Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201509-0026, VAR-201509-0025
No EDB ID
Cisco IOS and IOS XE Software are prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users. These issues are being tracked by Cisco Bug IDs CSCuo04400 and CSCus19794.
VAR-E-201509-0396 No CVE IntelBras WRN 340 Unauthenticated Remote DNS Changer No EDB ID
IntelBras WRN 340 (ADSL modem router) remote unauthenticated DNS changing exploit.
VAR-E-201509-0134 CVE-2015-7241
SAP NetWeaver < 7.01 - XML External Entity Injection - XML webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201709-0026
EDB ID: 38261
SAP NetWeaver < 7.01 - XML External Entity Injection. CVE-2015-7241, CVE-118691 . webapps exploit for XML platform
VAR-E-201509-0153 CVE-2015-4040
F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201509-0439
EDB ID: 38448
F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal. CVE-2015-4040, CVE-127546 . webapps exploit for Hardware platform
VAR-E-201509-0067 CVE-2014-9208
Advantech Webaccess 8.0 / 3.4.3 - ActiveX Multiple Vulnerabilities - Windows dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201509-0433
EDB ID: 38108
Advantech Webaccess 8.0 / 3.4.3 - ActiveX Multiple Vulnerabilities. CVE-2014-9208, CVE-127229, CVE-127228, CVE-127227, CVE-127226, CVE-127225, CVE-127224, CVE-127223 . dos exploit for Windows platform
VAR-E-201508-0383 No CVE Sagemcom F@ST 3864 V2 - Get Admin Password - Hardware webapps Exploit EDB ID: 37801
Sagemcom F@ST 3864 V2 - Get Admin Password. CVE-126410 . webapps exploit for Hardware platform
VAR-E-201507-0198 No CVE D-Link DCS-2103 HTML Injection and Cross Site Request Forgery Vulnerabilities No EDB ID
D-Link DCS-2103 is prone to an HTML-injection vulnerability and a cross-site request-forgery vulnerability. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible.
VAR-E-201507-0488 No CVE D-Link DCS-2103 1.20 CSRF / Cross Site Scripting No EDB ID
D-Link DCS-2103 version 1.20 suffers from cross site request forgery and cross site scripting vulnerabilities.
VAR-E-201507-0075 CVE-2015-2280
AirLink101 SkyIPCam1620W - OS Command Injection - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201707-0081
EDB ID: 37527
AirLink101 SkyIPCam1620W - OS Command Injection. CVE-2015-2280, CVE-124314, CVE-124313 . webapps exploit for Hardware platform
VAR-E-201506-0353 No CVE Multiple NetGear ProSafe Routers Multiple Security Vulnerabilities No EDB ID
Multiple NetGear ProSafe routers are prone to multiple security vulnerabilities. Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and insert a crafted HTTP header into an HTTP response that could redirect a web page to a possibly malicious website.
VAR-E-201506-0004 CVE-2015-4630
CVE-2015-4631
CVE-2015-4633
CVE-2015-4632
Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201810-0026, VAR-201810-0025, VAR-201810-0024
EDB ID: 37389
Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities. CVE-2015-4631, CVE-2015-4630 . webapps exploit for PHP platform
VAR-E-201506-0003 CVE-2015-4632
CVE-2015-4633
CVE-2015-4631
Koha 3.20.1 - Directory Traversal - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201810-0026, VAR-201810-0025, VAR-201810-0024
EDB ID: 37388
Koha 3.20.1 - Directory Traversal. CVE-2015-4632, CVE-123654, CVE-123653 . webapps exploit for PHP platform
VAR-E-201506-0002 CVE-2015-4633
CVE-2015-4632
CVE-2015-4631
Koha 3.20.1 - Multiple SQL Injections - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201810-0026, VAR-201810-0025, VAR-201810-0024
EDB ID: 37387
Koha 3.20.1 - Multiple SQL Injections. CVE-2015-4633, CVE-123650 . webapps exploit for PHP platform
VAR-E-201506-0554 CVE-2015-4640
SwiftKey CVE-2015-4640 Man in The Middle Security Bypass Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201506-0179
No EDB ID
SwiftKey is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to modify or write arbitrary data to the affected device. Other attacks are also possible.