VARIoT IoT exploits database

VAR-E-201405-0120 | No CVE | D-Link Routers - Multiple Vulnerabilities - Hardware webapps Exploit | EDB ID: 33520 |
D-Link Routers - Multiple Vulnerabilities. CVE-106821 CVE-106820 CVE-106808 CVE-106807. webapps exploit for Hardware platform
VAR-E-201405-0309 | No CVE | F5 BIG-IQ 4.1.0.2013.0 Password Change | No EDB ID |
F5 BIG-IQ version 4.1.0.2013.0 is vulnerable to a privilege escalation attack which allows an attacker to change the root user's password. This Metasploit module does just this, then logs in over SSH.
VAR-E-201405-0358 | No CVE | NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - CSRF Vulnerability | No EDB ID |
VAR-E-201405-0438 | No CVE | F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation Exploit | No EDB ID |
VAR-E-201405-0325 | No CVE | NETGEAR DGN2200 ADSL Router Cross Site Request Forgery Vulnerability | No EDB ID |
NETGEAR DGN2200 router is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
NETGEAR DGN2200 running firmware version 1.0.0.29_1.7.29 is vulnerable; other versions may also be affected.
VAR-E-201405-0431 | No CVE | Netgear DGN2200 Cross Site Scripting | No EDB ID |
Netgear DGN2200 suffers from a stored cross site scripting vulnerability.
VAR-E-201405-0272 | No CVE | Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting - Hardware webapps Exploit | EDB ID: 33138 |
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting. CVE-106530. webapps exploit for Hardware platform
VAR-E-201405-0118 | CVE-2014-2937 CVE-2014-3220 | F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation (Metasploit) - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201405-0338 | EDB ID: 33143 |
F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation (Metasploit). CVE-106532 CVE-2014-3220 CVE-2014-2937. remote exploit for Hardware platform
VAR-E-201405-0185 | CVE-2014-9727 | Fritz!Box - Remote Command Execution - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201505-0363 | EDB ID: 33136 |
Fritz!Box - Remote Command Execution. CVE-103289 CVE-2014-9727. webapps exploit for Hardware platform
VAR-E-201404-0185 | CVE-2014-3792 | Beetel 450TC2 Router - Cross-Site Request Forgery (Admin Password) - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201405-0537 | EDB ID: 33129 |
Beetel 450TC2 Router - Cross-Site Request Forgery (Admin Password). CVE-106468 CVE-2014-3792. webapps exploit for Hardware platform
VAR-E-201404-0060 | CVE-2014-2976 | Sixnet Sixview 2.4.1 - Web Console Directory Traversal - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201404-0511 | EDB ID: 32973 |
Sixnet Sixview 2.4.1 - Web Console Directory Traversal. CVE-2014-2976 CVE-106149. webapps exploit for Hardware platform
VAR-E-201404-0147 | No CVE | Teracom T2-B-Gawv1.4U10Y-BI Cross Site Request Forgery Vulnerability | No EDB ID |
Teracom T2-B-Gawv1.4U10Y-BI is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
VAR-E-201404-0439 | No CVE | D-Link DAP-1320 Directory Traversal / Cross Site Scripting | No EDB ID |
D-Link DAP-1320 wireless range extenders suffer from cross site scripting and directory traversal vulnerabilities.
VAR-E-201404-0260 | CVE-2014-3760 CVE-2014-3761 | D-Link DAP-1150 Cross Site Scripting and Cross Site Request Forgery Vulnerabilities | Related entries in the VARIoT vulnerabilities database: VAR-201405-0527, VAR-201405-0528 | No EDB ID |
D-Link DAP-1150 is prone to a cross-site scripting vulnerability and multiple cross-site request-forgery vulnerabilities.
An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
D-Link DAP-1150 firmware version 1.2.94 is vulnerable; other versions may also be affected.
VAR-E-201404-0249 | CVE-2014-2268 | Vtiger - 'Install' Remote Command Execution (Metasploit) - PHP remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201411-0075 | EDB ID: 32794 |
Vtiger - 'Install' Remote Command Execution (Metasploit). CVE-2014-2268 CVE-105641. remote exploit for PHP platform
VAR-E-201404-0108 | CVE-2014-0160 CVE-2014-0346 | OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS Versions) - Multiple remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201404-0592 | EDB ID: 32764 |
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
VAR-E-201404-0107 | CVE-2014-0160 CVE-2014-0346 | OpenSSL TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure - Multiple remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201404-0592 | EDB ID: 32745 |
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
VAR-E-201404-0109 | CVE-2014-0160 CVE-2014-0346 | OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (1) - Multiple remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201404-0592 | EDB ID: 32791 |
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
VAR-E-201404-0110 | CVE-2014-0160 CVE-2014-0346 | OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support) - Multiple remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201404-0592 | EDB ID: 32998 |
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
VAR-E-201404-0526 | No CVE | ASUS RT-AC68U Cross Site Scripting | No EDB ID |
ASUS RT-AC68U web management interface suffers from a reflective cross site scripting vulnerability.