VARIoT IoT exploits database

VAR-E-201410-0378 | No CVE | SAP BusinessObjects Explorer 14.0.5 Information Disclosure | No EDB ID |
SAP BusinessObjects Explorer version 14.0.5 does not validate the user-defined input of the CMS name parameter, which consists of a host name and port number. This can be used to perform a port scan within the network range where the BusinessObjects Explorer server is located. This vulnerability could be triggered by an unauthenticated user.
VAR-E-201410-0455 | No CVE | SAP BusinessObjects Explorer 14.0.5 Cross Site Flashing | No EDB ID |
SAP BusinessObjects Explorer 14.0.5 suffers from a cross site flashing vulnerability. It is possible to directly load and display the com_businessobjects_polestar_bootstrap.swf Flash file and specify a configUrl. This requires the victim to be logged in, and the attacker needs to know the /webres/ URL, which is known as soon as the attacker is in possession of valid credentials. The configuration file specified in the configURL parameter may reside on a foreign host. The configuration file itself may contain URLs of further Flash files residing on a foreign domain. If successful, the victim loads foreign Flash files, which leads to Cross Site Flashing.
VAR-E-201410-0140 |
CVE-2014-6033 |
F5 Big-IP 11.3.0.39.0 XML External Entity Injection #2
Related entries in the VARIoT vulnerabilities database: VAR-201411-0351 | No EDB ID |
F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability.
VAR-E-201409-0013 |
CVE-2014-6271 CVE-2014-6278 |
IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit) - CGI remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1154, VAR-201409-1156 | EDB ID: 39918 |
IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit). CVE-2014-6271. remote exploit for CGI platform
VAR-E-201409-0560 |
CVE-2014-7910 CVE-2014-7227 CVE-2014-7196 CVE-2014-7169 CVE-2014-62771 CVE-2014-6271 CVE-2014-3671 CVE-2014-3659 CVE-2014-6277 |
IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection - CGI webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1156, VAR-201409-1155, VAR-201409-0366 | EDB ID: 34839 |
IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection. CVE-2014-7910, CVE-2014-7227, CVE-2014-7196, CVE-2014-7169, CVE-2014-62771, CVE-112004, CVE-2014-6271, CVE-2014-3671, CVE-2014-3659. webapps exploit for CGI platform
VAR-E-201409-0022 |
CVE-2014-6271 CVE-2014-6278 |
RedStar 3.0 Server - 'Shellshock' 'BEAM' / 'RSSMON' Command Injection - Linux local Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1154, VAR-201409-1156 | EDB ID: 40938 |
RedStar 3.0 Server - 'Shellshock' 'BEAM' / 'RSSMON' Command Injection. CVE-2014-6271. local exploit for Linux platform
VAR-E-201409-0010 |
CVE-2014-6278 CVE-2014-6271 CVE-2014-6277 |
Apache mod_cgi - 'Shellshock' Remote Command Injection - Linux remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1154, VAR-201409-1156, VAR-201409-0366 | EDB ID: 34900 |
Apache mod_cgi - 'Shellshock' Remote Command Injection. CVE-2014-6278, CVE-2014-6271. remote exploit for Linux platform
VAR-E-201409-0023 |
CVE-2014-6277 CVE-2014-6278 |
Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash - Linux dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1154, VAR-201409-0366 | EDB ID: 35081 |
Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash. CVE-2014-6277. dos exploit for Linux platform
VAR-E-201409-0017 |
CVE-2014-7196 CVE-2014-6271 CVE-2014-6278 |
Advantech Switch - 'Shellshock' Bash Environment Variable Command Injection (Metasploit) - CGI remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1154, VAR-201409-1156 | EDB ID: 38849 |
Advantech Switch - 'Shellshock' Bash Environment Variable Command Injection (Metasploit). CVE-2014-7196, CVE-112004, CVE-2014-6271. remote exploit for CGI platform
VAR-E-201409-0012 |
CVE-2014-6278 CVE-2014-6277 |
Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock) - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1154, VAR-201409-0366 | EDB ID: 39568 |
Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock). CVE-2014-6278. remote exploit for Hardware platform
VAR-E-201409-0565 |
CVE-2014-7196 CVE-2014-6271 CVE-2014-6278 |
Advantech Switch - 'Shellshock' Bash Environment Variable Command Injection (Metasploit) - CGI remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1154, VAR-201409-1156 | EDB ID: 38849 |
Advantech Switch - 'Shellshock' Bash Environment Variable Command Injection (Metasploit). CVE-2014-7196, CVE-112004, CVE-2014-6271. remote exploit for CGI platform
VAR-E-201409-0561 |
CVE-2014-6278 CVE-2014-6271 CVE-2014-6277 |
Apache mod_cgi - 'Shellshock' Remote Command Injection - Linux remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1154, VAR-201409-1156, VAR-201409-0366 | EDB ID: 34900 |
Apache mod_cgi - 'Shellshock' Remote Command Injection. CVE-2014-6278, CVE-2014-6271. remote exploit for Linux platform
VAR-E-201410-0023 |
CVE-2014-7910 CVE-2014-7227 CVE-2014-7196 CVE-2014-7169 CVE-2014-62771 CVE-2014-6271 CVE-2014-3671 CVE-2014-3659 CVE-2014-6277 |
QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection (Metasploit) - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1156, VAR-201409-1155, VAR-201409-0366 | EDB ID: 36504 |
QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection (Metasploit). CVE-2014-7910, CVE-112004, CVE-2014-7227, CVE-2014-7196, CVE-2014-7169, CVE-2014-62771, CVE-2014-6271, CVE-2014-3671, CVE-2014-3659. remote exploit for Hardware platform
VAR-E-201410-0026 |
CVE-2014-7910 CVE-2014-7227 CVE-2014-7196 CVE-2014-7169 CVE-2014-62771 CVE-2014-6271 CVE-2014-3671 CVE-2014-3659 CVE-2014-6277 |
OpenVPN 2.2.29 - 'Shellshock' Remote Command Injection - Linux remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1156, VAR-201409-1155, VAR-201409-0366 | EDB ID: 34879 |
OpenVPN 2.2.29 - 'Shellshock' Remote Command Injection. CVE-2014-7910, CVE-2014-7227, CVE-2014-7196, CVE-2014-7169, CVE-112004, CVE-2014-62771, CVE-2014-6271, CVE-2014-3671, CVE-2014-3659. remote exploit for Linux platform
VAR-E-201410-0030 |
CVE-2014-7910 CVE-2014-7227 CVE-2014-7196 CVE-2014-7169 CVE-2014-62771 CVE-2014-6271 CVE-2014-3671 CVE-2014-3659 CVE-2014-6277 |
PHP < 5.6.2 - 'Shellshock' Safe Mode / disable_functions Bypass / Command Injection - PHP webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1156, VAR-201409-1155, VAR-201409-0366 | EDB ID: 35146 |
PHP < 5.6.2 - 'Shellshock' Safe Mode / disable_functions Bypass / Command Injection. CVE-2014-7910, CVE-2014-7227, CVE-2014-7196, CVE-2014-7169, CVE-2014-62771, CVE-112004, CVE-2014-6271, CVE-2014-3671, CVE-2014-3659. webapps exploit for PHP platform
VAR-E-201410-0022 |
CVE-2014-7910 CVE-2014-7227 CVE-2014-7196 CVE-2014-7169 CVE-2014-62771 CVE-2014-6271 CVE-2014-3671 CVE-2014-3659 CVE-2014-6277 |
Bash CGI - 'Shellshock' Remote Command Injection (Metasploit) - CGI webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1156, VAR-201409-1155, VAR-201409-0366 | EDB ID: 34895 |
Bash CGI - 'Shellshock' Remote Command Injection (Metasploit). CVE-2014-7910, CVE-2014-7227, CVE-2014-7196, CVE-2014-7169, CVE-112004, CVE-2014-62771, CVE-2014-6271, CVE-2014-3671, CVE-2014-3659. webapps exploit for CGI platform
VAR-E-201410-0029 |
CVE-2014-7910 CVE-2014-7227 CVE-2014-7196 CVE-2014-7169 CVE-2014-62771 CVE-2014-6271 CVE-2014-3671 CVE-2014-3659 CVE-2014-6277 |
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection - Linux remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1156, VAR-201409-1155, VAR-201409-0366 | EDB ID: 34896 |
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection. CVE-2014-7910, CVE-2014-7227, CVE-2014-7196, CVE-2014-7169, CVE-112004, CVE-2014-62771, CVE-2014-6271, CVE-2014-3671, CVE-2014-3659. remote exploit for Linux platform
VAR-E-201410-0024 |
CVE-2014-7910 CVE-2014-7227 CVE-2014-7196 CVE-2014-7169 CVE-2014-62771 CVE-2014-6271 CVE-2014-3671 CVE-2014-3659 CVE-2014-6277 |
IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection - CGI webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1156, VAR-201409-1155, VAR-201409-0366 | EDB ID: 34839 |
IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection. CVE-2014-7910, CVE-2014-7227, CVE-2014-7196, CVE-2014-7169, CVE-2014-62771, CVE-112004, CVE-2014-6271, CVE-2014-3671, CVE-2014-3659. webapps exploit for CGI platform
VAR-E-201410-0027 |
CVE-2014-7910 CVE-2014-7227 CVE-2014-7196 CVE-2014-7169 CVE-2014-62771 CVE-2014-6271 CVE-2014-5288 CVE-2014-5287 CVE-2014-3671 CVE-2014-3659 CVE-2014-6277 |
Kemp Load Master 7.1.16 - Multiple Vulnerabilities - Multiple webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1156, VAR-201409-1155, VAR-201409-0366 | EDB ID: 36609 |
Kemp Load Master 7.1.16 - Multiple Vulnerabilities. CVE-2014-7910, CVE-2014-7227, CVE-2014-7196, CVE-2014-7169, CVE-2014-62771, CVE-2014-6271, CVE-2014-5288, CVE-2014-5287, CVE-2014-3671, CVE-120255, CVE-2014-3659, CVE-120254, CVE-120253, CVE-120252, CVE-120251, CVE-120250, CVE-120249, CVE-112004. webapps exploit for Multiple platform
VAR-E-201409-0021 |
CVE-2014-6271 CVE-2014-6278 |
Qmail SMTP - Bash Environment Variable Injection (Metasploit) - Linux remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201409-1154, VAR-201409-1156 | EDB ID: 42938 |
Qmail SMTP - Bash Environment Variable Injection (Metasploit). CVE-2014-6271, CVE-112004. remote exploit for Linux platform