VARIoT IoT exploits database


VAR-E-201412-0380 CVE-2014-7256
SEIL Series Routers CVE-2014-7256 Multiple Denial of Service Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201412-0599
No EDB ID
SEIL Series Routers are prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users.
VAR-E-201412-0425 No CVE D-Link DAP-1360 Cross Site Scripting and Cross Site Request Forgery Vulnerabilities No EDB ID
D-Link DAP-1360 is prone to a cross-site scripting vulnerability and multiple cross-site request-forgery vulnerabilities. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
VAR-E-201411-0438 No CVE D-Link DAP-1360 Cross Site Scripting / Cross Site Request Forgery No EDB ID
The D-Link DAP-1360 suffers from cross site request forgery and cross site scripting vulnerabilities.
VAR-E-201411-0147 CVE-2014-7251
Yokogawa FAST/TOOLS CVE-2014-7251 XML External Entity Injection Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201412-0588
No EDB ID
Yokogawa FAST/TOOLS is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to obtain potentially sensitive information or cause a denial-of-service condition. This may lead to further attacks. Yokogawa FAST/TOOLS R9.01 through R9.05 are vulnerable.
VAR-E-201411-0495 No CVE D-Link DAP-1360 'index.cgi' Multiple Cross Site Request Forgery and HTML Injection Vulnerabilities No EDB ID
D-Link DAP-1360 is prone to multiple cross-site request-forgery and HTML-injection vulnerabilities. An attacker can exploit these issues to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible. D-Link DAP-1360 firmware version 1.0.0 is vulnerable; other versions may also be affected.
VAR-E-201411-0424 CVE-2014-10011
TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC) - Windows dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201501-0575
EDB ID: 35363
TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC). CVE-115037, CVE-2014-10011. dos exploit for Windows platform
VAR-E-201411-0043 CVE-2014-8423
CVE-2014-8424
CVE-2014-8425
Arris VAP2500 - Authentication Bypass - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201411-0386, VAR-201411-0385, VAR-201411-0384
EDB ID: 35372
Arris VAP2500 - Authentication Bypass. CVE-2014-8425, CVE-2014-8424, CVE-2014-8423, CVE-115046, CVE-115045, CVE-115042. webapps exploit for Hardware platform
VAR-E-201411-0073 CVE-2014-9350
TP-Link TL-WR740N - Denial of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201412-0139
EDB ID: 35345
TP-Link TL-WR740N - Denial of Service. CVE-115017, CVE-2014-9350. dos exploit for Hardware platform
VAR-E-201411-0201 No CVE Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access - Hardware webapps Exploit EDB ID: 35325
Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access. CVE-114967. webapps exploit for Hardware platform
VAR-E-201411-0267 CVE-2014-8387
Advantech EKI-6340 - Command Injection - CGI webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201411-0358
EDB ID: 35357
Advantech EKI-6340 - Command Injection. CVE-2014-8387, CVE-114845, CVE-114844. webapps exploit for CGI platform
VAR-E-201411-0256 CVE-2014-8386
Advantech AdamView 4.30.003 - '.gni' Local Buffer Overflow (SEH) - Windows local Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201501-0414
EDB ID: 35503
Advantech AdamView 4.30.003 - '.gni' Local Buffer Overflow (SEH). CVE-2014-8386, CVE-114843. local exploit for Windows platform
VAR-E-201411-0240 No CVE D-Link DCS-2103 Directory Traversal No EDB ID
D-Link DCS-2103 suffers from path disclosure and directory traversal vulnerabilities.
VAR-E-201411-0127 CVE-2014-8727
F5 BIG-IP 10.1.0 - Directory Traversal - JSP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201411-0206
EDB ID: 35222
F5 BIG-IP 10.1.0 - Directory Traversal. CVE-2014-8727, CVE-114603. webapps exploit for JSP platform
VAR-E-201411-0150 CVE-2014-8591
SAP NetWeaver CVE-2014-8591 Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201411-0222
No EDB ID
SAP NetWeaver is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. SAP NetWeaver 7.02 and 7.30 are vulnerable; other versions may also be affected.
VAR-E-201411-0374 No CVE D-Link DAP-1360 Information Disclosure and Cross Site Request Forgery Vulnerabilities No EDB ID
D-Link DAP-1360 is prone to multiple cross-site request-forgery vulnerabilities and an information-disclosure vulnerability. Exploiting these issues may allow a remote attacker to perform certain administrative actions, gaining unauthorized access to the affected device and obtaining sensitive information; other attacks are also possible.
VAR-E-201411-0052 CVE-2014-9020
CVE-2014-9183
CVE-2014-9019
CVE-2014-9021
ZTE 831CII Hardcoded Credential / XSS / CSRF

Related entries in the VARIoT vulnerabilities database: VAR-201411-0115, VAR-201411-0114, VAR-201411-0113, VAR-201412-0408
No EDB ID
ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities.
VAR-E-201411-0151 No CVE Citrix NetScaler SOAP Handler Memory Corruption Vulnerability No EDB ID
Citrix NetScaler is prone to a memory-corruption vulnerability. Successful exploits may allow attackers to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition.
VAR-E-201410-0224 No CVE ZTE ZXDSL 931VII 'manager_dev_config_t.gch' Information Disclosure Vulnerability No EDB ID
ZTE ZXDSL 931VII is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
VAR-E-201410-0101 CVE-2014-0995
SAP NetWeaver Enqueue Server - Denial of Service - Windows dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201411-0262
EDB ID: 35000
SAP NetWeaver Enqueue Server - Denial of Service. CVE-2014-0995, CVE-113406. dos exploit for Windows platform
VAR-E-201410-0385 CVE-2014-3566
OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201410-1418
No EDB ID
OpenSSL is prone to an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. The following versions are vulnerable: OpenSSL 0.9.8 prior to 0.9.8zc, OpenSSL 1.0.0 prior to 1.0.0o, and OpenSSL 1.0.1 prior to 1.0.1j.