VARIoT IoT exploits database

VAR-E-201403-0243 | CVE-2014-0784 | Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Remote Buffer Overflow (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201403-0448 | EDB ID: 32210 |
Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Remote Buffer Overflow (Metasploit). CVE-2014-0784, CVE-104429. Remote exploit for Windows platform.
VAR-E-201403-0041 | CVE-2014-0683, CVE-2015-6396 | Cisco RV110W - Password Disclosure / Command Execution - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201608-0273, VAR-201403-0204 | EDB ID: 45986 |
Cisco RV110W - Password Disclosure / Command Execution. CVE-2015-6396, CVE-2014-0683. Remote exploit for Hardware platform.
VAR-E-201402-0042 | CVE-2014-1677 | Technicolor TC7200 - Credentials Disclosure - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201704-0432 | EDB ID: 31894 |
Technicolor TC7200 - Credentials Disclosure. CVE-2014-1677, CVE-103712. Webapps exploit for Hardware platform.
VAR-E-201402-0548 | No CVE | D-LINK DIR-615 Cross Site Request Forgery | No EDB ID |
D-LINK DIR-615 hardware version E4 with firmware version 5.10 suffers from a cross site request forgery vulnerability.
VAR-E-201402-0092 | No CVE | NetGear N300 DGN2200 Multiple Security Vulnerabilities | No EDB ID |
NetGear N300 DGN2200 is prone to the following security vulnerabilities:
1. A local information-disclosure vulnerability
2. Multiple cross-site request forgery vulnerabilities
3. An arbitrary file-access vulnerability
4. Multiple remote command-execution vulnerabilities
5. An unauthorized-access weakness
6. A security-bypass weakness
Attackers can exploit these issues to bypass certain security restrictions, obtain sensitive information, perform unauthorized actions in the context of a logged-in user, gain unauthorized access, or execute arbitrary commands in the context of the affected application.
NetGear N300 DGN2200 running firmware 1.0.0.36-7.0.37 is vulnerable.
VAR-E-201402-0152 | No CVE | D-Link DSL-2750B ADSL Route' - Cross-Site Request Forgery - Hardware webapps Exploit | EDB ID: 31569 |
D-Link DSL-2750B ADSL Route' - Cross-Site Request Forgery. CVE-103350. Webapps exploit for Hardware platform.
VAR-E-201402-0207 | No CVE | Netgear D6300B Command Injection / Misconfiguration | No EDB ID |
Netgear D6300B routers suffer from remote command injection, root shell spawning, UPnP issues, credentials being submitted in the clear, and additional vulnerabilities.
VAR-E-201402-0144 | No CVE | Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution - Hardware remote Exploit | EDB ID: 39089 |
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution. CVE-102902. Remote exploit for Hardware platform.
VAR-E-201402-0426 | No CVE | Inteno DG301 - Command Injection - Hardware webapps Exploit | EDB ID: 31430 |
Inteno DG301 - Command Injection. CVE-102950. Webapps exploit for Hardware platform.
VAR-E-201402-0556 | No CVE | Inteno DG301 Command Injection | No EDB ID |
Inteno DG301 routers are susceptible to a remote command injection vulnerability. Proof of concept included.
VAR-E-201402-0438 | No CVE | SAP NetWeaver Multiple Security Vulnerabilities | No EDB ID |
SAP NetWeaver is prone to multiple security vulnerabilities, including:
1. An information-disclosure vulnerability
2. Multiple cross-site scripting vulnerabilities
3. A denial-of-service vulnerability
Attackers can exploit these issues to obtain sensitive information, perform a denial-of-service attack, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-E-201401-0425 | No CVE | A10 Networks AX ADC 'filename' parameter Directory Traversal Vulnerability | No EDB ID |
A10 Networks AX ADC is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information. Information harvested may aid in launching further attacks.
This vulnerability affects the following versions:
AX ADC 2.7.0 build 217 and earlier
AX ADC 2.6.1 GR1-P5 and earlier
VAR-E-201401-0057 | CVE-2014-0750 | GE Proficy CIMPLICITY - 'gefebt.exe' Remote Code Execution (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201401-0364 | EDB ID: 31987 |
GE Proficy CIMPLICITY - 'gefebt.exe' Remote Code Execution (Metasploit). CVE-2014-0750, CVE-101193. Remote exploit for Windows platform.
VAR-E-201401-0011 | CVE-2014-2013 | MuPDF 1.3 - 'xps_parse_color()' Stack Buffer Overflow - Windows local Exploit | EDB ID: 31090 |
MuPDF 1.3 - 'xps_parse_color()' Stack Buffer Overflow. CVE-102340, CVE-2014-2013. Local exploit for Windows platform.
VAR-E-201401-0355 | CVE-2013-6343 | ASUS RT-N56U - Remote Buffer Overflow (ROP) - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201401-0239 | EDB ID: 31033 |
ASUS RT-N56U - Remote Buffer Overflow (ROP). CVE-2013-6343, CVE-102267. Remote exploit for Hardware platform.
VAR-E-201401-0379 | CVE-2013-2827 | KingScada - kxClientDownload.ocx ActiveX Remote Code Execution (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201401-0055 | EDB ID: 31575 |
KingScada - kxClientDownload.ocx ActiveX Remote Code Execution (Metasploit). CVE-2013-2827, CVE-102135. Remote exploit for Windows platform.
VAR-E-201401-0070 | CVE-2013-7204 | Conceptronic Wireless Pan & Tilt Network Camera - Cross-Site Request Forgery - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201401-0286 | EDB ID: 30914 |
Conceptronic Wireless Pan & Tilt Network Camera - Cross-Site Request Forgery. CVE-2013-7204, CVE-101930. Webapps exploit for Hardware platform.
VAR-E-201401-0464 | No CVE | Multiple TP-Link Routers Multiple Cross Site Request Forgery and HTML Injection Vulnerabilities | No EDB ID |
Multiple TP-Link routers are prone to multiple cross-site request-forgery and HTML-injection vulnerabilities because they fail to properly sanitize user-supplied input.
An attacker may leverage these issues to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible.
VAR-E-201401-0170 | CVE-2014-0620 | Technicolor TC7200 - Multiple Cross-Site Scripting Vulnerabilities - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201401-0350 | EDB ID: 30668 |
Technicolor TC7200 - Multiple Cross-Site Scripting Vulnerabilities. CVE-2014-0620, CVE-101733, CVE-101732. Webapps exploit for Hardware platform.
VAR-E-201401-0124 | CVE-2014-0621 | Technicolor TC7200 - Multiple Cross-Site Request Forgery Vulnerabilities - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201401-0351 | EDB ID: 30667 |
Technicolor TC7200 - Multiple Cross-Site Request Forgery Vulnerabilities. CVE-2014-0621, CVE-101731, CVE-101730, CVE-101729, CVE-101728. Webapps exploit for Hardware platform.