VARIoT IoT exploits database

Airties Air5650TT - Remote Stack Overflow. CVE-120335CVE-2015-2797 . remote exploit for Multiple platform

ASUS RT-G32 Router is prone to multiple cross-site scripting vulnerabilities. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. ASUS RT-G32 router running firmware versions 2.0.2.6, and 2.0.3.2 are vulnerable.

It was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.

Cimon CmnView is prone to a vulnerability that lets attackers execute arbitrary code. Successful exploits will allow the attackers to execute arbitrary code in the context of the user running the affected application.

Sagem F@st 3304-V2 - Telnet Crash (PoC). CVE-119602 . dos exploit for Hardware platform

ASUS RT-G32 suffers from cross site request forgery and cross site scripting vulnerabilities.

Sagem F@st 3304-V2 - Local File Inclusion. CVE-119605 . webapps exploit for Hardware platform

Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak.. webapps exploit for Hardware platform

Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers. CVE-2015-2080 . remote exploit for Multiple platform

Multiple D-Link and TRENDnet routers are prone to a local unauthenticated vulnerability, a remote unauthenticated vulnerability and a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain unauthorized root access to an affected device. Successful exploits will result in the complete compromise of an affected device. Following products are vulnerable: D-Link DIR-820L (Rev A) 1.02B10, DIR-820L (Rev A) 1.05B03, and DIR-820L (Rev B) 2.01b02 TRENDnet TEW-731BR (Rev 2) 2.01b01

D-Link DSL-2640B ADSL Router - 'ddnsmngr' Remote DNS Change. CVE-117675 . webapps exploit for Hardware platform

Remote exploit for changing DNS settings unauthenticated on the D-Link DSL-2640B.

Multiple NetGear Routers are prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain potentially sensitive information. NetGear WNDR3700v4 V1.0.0.4SH, WNDR3700v4 V1.0.1.52, WNR2200 V1.0.1.88, WNR2500 V1.0.0.24 are vulnerable.

Exploit for remotely changing DNS settings on the D-Link DSL-2740R router.

D-Link DSL-2740R - Remote DNS Change. CVE-117675 . remote exploit for Hardware platform

Android WiFi-Direct - Denial of Service. CVE-2014-0997CVE-117581 . dos exploit for Android platform

Schneider Electric ETG3000 FactoryCast HMI Gateway is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the affected device. This may aid in further attacks.

Sierra Wireless AirCard is prone to an HTTP header-injection vulnerability. A successful attack may allow attackers to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website; this may aid in launching further attacks. Sierra Wireless AirCard versions 760S, 762S, and 763S are vulnerable.

TP-Link TL-WR840N is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. An attacker can exploit this issue to perform certain unauthorized administrative actions. Other attacks are also possible. TP-Link TL-WR840N Router running firmware 3.13.27 Build 140714 and prior are vulnerable.