VARIoT IoT exploits database

VAR-E-201506-0495 | No CVE | Airties RT210 Cross Site Scripting | No EDB ID |
Airties RT210 suffers from a stored cross site scripting vulnerability.
VAR-E-201506-0209 | CVE-2015-4051 | Beckhoff IPC Diagnostics Authentication Bypass | Related entries in the VARIoT vulnerabilities database: VAR-201506-0271 | No EDB ID |
Beckhoff IPC Diagnostics versions prior to 1.8 suffer from an authentication bypass vulnerability.
VAR-E-201506-0160 | CVE-2015-2797 | Airties - login-cgi Buffer Overflow (Metasploit) - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201506-0118 | EDB ID: 37170 |
Airties - login-cgi Buffer Overflow (Metasploit). CVE-120335 CVE-2015-2797. remote exploit for Hardware platform
VAR-E-201505-0078 | CVE-2015-0744 | Multiple Cisco Products CVE-2015-0744 Denial of Service Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201505-0188 | No EDB ID |
Multiple Cisco products are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
This issue is being tracked by Cisco Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus68315.
VAR-E-201505-0351 | CVE-2014-7858 | D-Link DNR-326 CVE-2014-7858 Authentication Bypass Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201708-0274 | No EDB ID |
D-Link DNR-326 is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may aid in further attacks.
VAR-E-201505-0082 | CVE-2014-0999 CVE-2014-8391 | Sendio ESP - Information Disclosure - JSP webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201506-0202, VAR-201506-0332 | EDB ID: 37114 |
Sendio ESP - Information Disclosure. CVE-2014-0999 CVE-122477 CVE-2014-8391. webapps exploit for JSP platform
VAR-E-201505-0231 | No CVE | Hikvision DS-7108HWI-SH XML Injection / Abuse Issues | No EDB ID |
Hikvision DS-7108HWI-SH suffers from XML injection and abuse control vulnerabilities.
VAR-E-201505-0188 | CVE-2015-3036 | Linux/MIPS Kernel 2.6.36 - 'NetUSB' Remote Code Execution - Multiple remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201505-0408 | EDB ID: 38454 |
Linux/MIPS Kernel 2.6.36 - 'NetUSB' Remote Code Execution. CVE-2015-3036. remote exploit for Multiple platform
VAR-E-201505-0187 | CVE-2015-3036 | NetUSB - Kernel Stack Buffer Overflow - Hardware dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201505-0408 | EDB ID: 38566 |
NetUSB - Kernel Stack Buffer Overflow. CVE-2015-3036 CVE-122324. dos exploit for Hardware platform
VAR-E-201505-0002 | CVE-2015-5477 CVE-2015-3456 | QEMU - Floppy Disk Controller (FDC) (PoC) - Multiple dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201505-0417, VAR-201507-0037 | EDB ID: 37053 |
QEMU - Floppy Disk Controller (FDC) (PoC). CVE-2015-3456 CVE-122072. dos exploit for Multiple platform
VAR-E-201505-0445 | CVE-2015-2282 CVE-2015-2278 | Multiple SAP Products Buffer Overflow and Denial of Service Vulnerabilities | Related entries in the VARIoT vulnerabilities database: VAR-201506-0132, VAR-201506-0131 | No EDB ID |
Multiple SAP Products are prone to a buffer-overflow vulnerability and a denial-of-service vulnerability.
Remote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.
VAR-E-201505-0004 | CVE-2015-5477 CVE-2015-3456 | ISC BIND 9 - TKEY (PoC) - Multiple dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201505-0417, VAR-201507-0037 | EDB ID: 37721 |
ISC BIND 9 - TKEY (PoC). CVE-2015-5477. dos exploit for Multiple platform
VAR-E-201505-0003 | CVE-2015-5477 CVE-2015-3456 | ISC BIND 9 - TKEY Remote Denial of Service (PoC) - Multiple dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201505-0417, VAR-201507-0037 | EDB ID: 37723 |
ISC BIND 9 - TKEY Remote Denial of Service (PoC). CVE-2015-5477 CVE-125438. dos exploit for Multiple platform
VAR-E-201505-0301 | No CVE | ZTE F660 - Remote Config Download Vulnerability | No EDB ID |
VAR-E-201505-0063 | No CVE | ZTE F660 - Remote Configuration Download - Hardware webapps Exploit | EDB ID: 36978 |
ZTE F660 - Remote Configuration Download. CVE-121896. webapps exploit for Hardware platform
VAR-E-201505-0061 | CVE-2015-2248 | Dell SonicWALL Secure Remote Access (SRA) Appliance - Cross-Site Request Forgery - CGI webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201505-0147 | EDB ID: 36940 |
Dell SonicWALL Secure Remote Access (SRA) Appliance - Cross-Site Request Forgery. CVE-2015-2248 CVE-121557. webapps exploit for CGI platform
VAR-E-201504-0293 | CVE-2014-8383 CVE-2014-8384 | InFocus IN3128HD Projector Missing Authentication Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201505-0272, VAR-201505-0273 | No EDB ID |
VAR-E-201504-0253 | No CVE | ASUS RT-G32 Router Multiple Cross Site Scripting and Cross Site Request Forgery Vulnerabilities | No EDB ID |
ASUS RT-G32 Router is prone to multiple cross-site scripting vulnerabilities and multiple cross-site request-forgery vulnerabilities.
An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and perform unauthorized actions. Other attacks may also be possible.
ASUS RT-G32 routers running firmware 2.0.2.6 and 2.0.3.2 are vulnerable.
VAR-E-201504-0251 | No CVE | Airties Air5650TT - Remote Stack Overflow Exploit | No EDB ID |
VAR-E-201503-0316 | CVE-2015-0976 | Inductive Automation Ignition CVE-2015-0976 Cross Site Scripting Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201504-0075 | No EDB ID |
Inductive Automation Ignition is prone to an unspecified cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Inductive Automation Ignition 7.7.2 is vulnerable; other versions may also be affected.