VARIoT IoT exploits database

Qmail SMTP - Bash Environment Variable Injection (Metasploit). CVE-2014-6271CVE-112004 . remote exploit for Linux platform

Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Command Injection (Shellshock). CVE-2014-6278 . webapps exploit for CGI platform

TrendMicro InterScan Web Security Virtual Appliance - 'Shellshock' Remote Command Injection. CVE-2014-6271 . remote exploit for Hardware platform

GNU Bash - 'Shellshock' Environment Variable Command Injection. CVE-2014-7910CVE-112004CVE-2014-7227CVE-2014-7196CVE-2014-7169CVE-2014-62771CVE-2014-6271CVE-2014-3671CVE-2014-3659 . remote exploit for Linux platform

GNU Bash - Environment Variable Command Injection (Metasploit). CVE-2014-7910CVE-112004CVE-2014-7227CVE-2014-7196CVE-2014-7169CVE-2014-62771CVE-2014-6271CVE-2014-3671CVE-2014-3659 . remote exploit for CGI platform

Bash - 'Shellshock' Environment Variables Command Injection. CVE-2014-7910CVE-112004CVE-2014-7227CVE-2014-7196CVE-2014-7169CVE-2014-62771CVE-2014-6271CVE-2014-3671CVE-2014-3659 . remote exploit for Linux platform

GNU Bash - 'Shellshock' Environment Variable Command Injection. CVE-2014-7910CVE-112004CVE-2014-7227CVE-2014-7196CVE-2014-7169CVE-2014-62771CVE-2014-6271CVE-2014-3671CVE-2014-3659 . remote exploit for Linux platform

GNU Bash - Environment Variable Command Injection (Metasploit). CVE-2014-7910CVE-112004CVE-2014-7227CVE-2014-7196CVE-2014-7169CVE-2014-62771CVE-2014-6271CVE-2014-3671CVE-2014-3659 . remote exploit for CGI platform

Bash - 'Shellshock' Environment Variables Command Injection. CVE-2014-7910CVE-112004CVE-2014-7227CVE-2014-7196CVE-2014-7169CVE-2014-62771CVE-2014-6271CVE-2014-3671CVE-2014-3659 . remote exploit for Linux platform

Aztech Modem Routers - Session Hijacking. CVE-2014-6436CVE-111433 . remote exploit for Hardware platform

Aztech Modem Routers - Information Disclosure. CVE-2014-6437CVE-111435 . remote exploit for Hardware platform

Airties Air6372SO modem web interface is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

F5 Big-IP - rsync Access. CVE-2014-2927 . remote exploit for Hardware platform

F5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability.

Multiple Cobham products are prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may lead to further attacks.

Multiple IBM System Networking Products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the affected device. This may aid in further attacks.

D-Link AP 3200 fails to authenticate requests to wireless settings, stores credentials in plaintext, and uses a weak cookie value.

D-Link DWL-3200AP is prone to the following security vulnerabilities: 1. A security-bypass vulnerability 2. Multiple information-disclosure vulnerabilities An attacker can exploit these issues to bypass security restrictions or gain access to potentially sensitive information and perform unauthorized actions in the context of a user session. Other attacks are also possible.

D-Link AP 3200 - Multiple Vulnerabilities. CVE-109787CVE-109786CVE-109785 . webapps exploit for Hardware platform

Sagem F@st 3304-V1 suffers from a denial of service vulnerability.