VARIoT IoT exploits database

VAR-E-201412-0380 | CVE-2014-7256 | SEIL Series Routers CVE-2014-7256 Multiple Denial of Service Vulnerabilities | Related entries in the VARIoT vulnerabilities database: VAR-201412-0599 | No EDB ID |
SEIL Series Routers are prone to multiple remote denial-of-service vulnerabilities.
An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users.
VAR-E-201412-0425 | No CVE | D-Link DAP-1360 Cross Site Scripting and Cross Site Request Forgery Vulnerabilities | No EDB ID |
D-Link DAP-1360 is prone to a cross-site scripting vulnerability and multiple cross-site request-forgery vulnerabilities.
An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
VAR-E-201411-0438 | No CVE | D-Link DAP-1360 Cross Site Scripting / Cross Site Request Forgery | No EDB ID |
The D-Link DAP-1360 suffers from cross site request forgery and cross site scripting vulnerabilities.
VAR-E-201411-0147 | CVE-2014-7251 | Yokogawa FAST/TOOLS CVE-2014-7251 XML External Entity Injection Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201412-0588 | No EDB ID |
Yokogawa FAST/TOOLS is prone to an XML External Entity injection vulnerability.
Attackers can exploit this issue to obtain potentially sensitive information or cause a denial-of-service condition. This may lead to further attacks.
Yokogawa FAST/TOOLS R9.01 through R9.05 are vulnerable.
VAR-E-201411-0495 | No CVE | D-Link DAP-1360 'index.cgi' Multiple Cross Site Request Forgery and HTML Injection Vulnerabilities | No EDB ID |
D-Link DAP-1360 is prone to multiple cross-site request-forgery and HTML-injection vulnerabilities.
An attacker can exploit these issues to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible.
D-Link DAP-1360 firmware version 1.0.0 is vulnerable; other versions may also be affected.
VAR-E-201411-0424 | CVE-2014-10011 | TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC) - Windows dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201501-0575 | EDB ID: 35363 |
TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow (PoC). CVE-115037, CVE-2014-10011. dos exploit for Windows platform
VAR-E-201411-0043 | CVE-2014-8423 CVE-2014-8424 CVE-2014-8425 | Arris VAP2500 - Authentication Bypass - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201411-0386, VAR-201411-0385, VAR-201411-0384 | EDB ID: 35372 |
Arris VAP2500 - Authentication Bypass. CVE-2014-8425, CVE-2014-8424, CVE-2014-8423, CVE-115046, CVE-115045, CVE-115042. webapps exploit for Hardware platform
VAR-E-201411-0073 | CVE-2014-9350 | TP-Link TL-WR740N - Denial of Service - Hardware dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201412-0139 | EDB ID: 35345 |
TP-Link TL-WR740N - Denial of Service. CVE-115017, CVE-2014-9350. dos exploit for Hardware platform
VAR-E-201411-0201 | No CVE | Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access - Hardware webapps Exploit | EDB ID: 35325 |
Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access. CVE-114967. webapps exploit for Hardware platform
VAR-E-201411-0267 | CVE-2014-8387 | Advantech EKI-6340 - Command Injection - CGI webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201411-0358 | EDB ID: 35357 |
Advantech EKI-6340 - Command Injection. CVE-2014-8387, CVE-114845, CVE-114844. webapps exploit for CGI platform
VAR-E-201411-0256 | CVE-2014-8386 | Advantech AdamView 4.30.003 - '.gni' Local Buffer Overflow (SEH) - Windows local Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201501-0414 | EDB ID: 35503 |
Advantech AdamView 4.30.003 - '.gni' Local Buffer Overflow (SEH). CVE-2014-8386, CVE-114843. local exploit for Windows platform
VAR-E-201411-0240 | No CVE | D-Link DCS-2103 Directory Traversal | No EDB ID |
D-Link DCS-2103 suffers from path disclosure and directory traversal vulnerabilities.
VAR-E-201411-0127 | CVE-2014-8727 | F5 BIG-IP 10.1.0 - Directory Traversal - JSP webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201411-0206 | EDB ID: 35222 |
F5 BIG-IP 10.1.0 - Directory Traversal. CVE-2014-8727, CVE-114603. webapps exploit for JSP platform
VAR-E-201411-0150 | CVE-2014-8591 | SAP NetWeaver CVE-2014-8591 Denial of Service Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201411-0222 | No EDB ID |
SAP NetWeaver is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
SAP NetWeaver 7.02 and 7.30 are vulnerable; other versions may also be affected.
VAR-E-201411-0374 | No CVE | D-Link DAP-1360 Information Disclosure and Cross Site Request Forgery Vulnerabilities | No EDB ID |
D-Link DAP-1360 is prone to multiple cross-site request-forgery vulnerabilities and an information-disclosure vulnerability.
Exploiting these issues may allow a remote attacker to perform certain administrative actions, gaining unauthorized access to the affected device and obtaining sensitive information; other attacks are also possible.
VAR-E-201411-0052 | CVE-2014-9020 CVE-2014-9183 CVE-2014-9019 CVE-2014-9021 | ZTE 831CII Hardcoded Credential / XSS / CSRF | Related entries in the VARIoT vulnerabilities database: VAR-201411-0115, VAR-201411-0114, VAR-201411-0113, VAR-201412-0408 | No EDB ID |
ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities.
VAR-E-201411-0151 | No CVE | Citrix NetScaler SOAP Handler Memory Corruption Vulnerability | No EDB ID |
Citrix NetScaler is prone to a memory-corruption vulnerability.
Successful exploits may allow attackers to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition.
VAR-E-201410-0224 | No CVE | ZTE ZXDSL 931VII 'manager_dev_config_t.gch' Information Disclosure Vulnerability | No EDB ID |
ZTE ZXDSL 931VII is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
VAR-E-201410-0101 | CVE-2014-0995 | SAP NetWeaver Enqueue Server - Denial of Service - Windows dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201411-0262 | EDB ID: 35000 |
SAP NetWeaver Enqueue Server - Denial of Service. CVE-2014-0995, CVE-113406. dos exploit for Windows platform
VAR-E-201410-0385 | CVE-2014-3566 | OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201410-1418 | No EDB ID |
OpenSSL is prone to an information disclosure vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks.
The following versions are vulnerable:
OpenSSL 0.9.8 prior to 0.9.8zc
OpenSSL 1.0.0 prior to 1.0.0o
OpenSSL 1.0.1 prior to 1.0.1j