VARIoT IoT exploits database

VAR-E-201310-0226 | No CVE | D-Link DIR-605L - Captcha Handling Buffer Overflow (Metasploit) - Hardware remote Exploit | EDB ID: 29127 |
D-Link DIR-605L - Captcha Handling Buffer Overflow (Metasploit). CVE-86824. remote exploit for Hardware platform
VAR-E-201310-0573 | No CVE | ARRIS DG860A NVRAM Backup Compressor / Decompressor | No EDB ID |
This exploit lets you extract the ARRIS DG860A NVRAM backup, where password information is stored in plain text.
VAR-E-201310-0366 | CVE-2013-6025 | SAP Sybase Adaptive Server Enterprise - XML External Entity Information Disclosure - Multiple remote Exploit | EDB ID: 38805 |
SAP Sybase Adaptive Server Enterprise - XML External Entity Information Disclosure. CVE-2013-6025 CVE-98655. remote exploit for Multiple platform
VAR-E-201310-0354 | CVE-2013-6027 | D-Link / PLANEX COMMUNICATIONS - 'RuntimeDiagnosticPing()' Remote Stack Buffer Overflow - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201310-0389 | EDB ID: 38810 |
D-Link / PLANEX COMMUNICATIONS - 'RuntimeDiagnosticPing()' Remote Stack Buffer Overflow. CVE-2013-6027 CVE-98805. remote exploit for Hardware platform
VAR-E-201310-0462 | No CVE | Indusoft Thin Client 7.1 Buffer Overflow | No EDB ID |
Indusoft Thin Client version 7.1 suffers from an ActiveX buffer overflow vulnerability.
VAR-E-201310-0221 | No CVE | Indusoft Thin Client 7.1 - ActiveX Buffer Overflow - Windows remote Exploit | EDB ID: 28853 |
Indusoft Thin Client 7.1 - ActiveX Buffer Overflow. CVE-98333. remote exploit for Windows platform
VAR-E-201310-0368 | No CVE | InduSoft Thin Client 'novapi7.dll' ActiveX Control Buffer Overflow Vulnerability | No EDB ID |
InduSoft Thin Client is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Attackers can exploit this issue to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
InduSoft Thin Client 7.1 is vulnerable; other versions may also be affected.
VAR-E-201310-0247 | No CVE | ONO Hitron CDE-30364 Router Denial of Service Vulnerability | No EDB ID |
ONO Hitron CDE-30364 router is prone to a denial-of-service vulnerability because it fails to properly bounds-check user-supplied data.
An attacker can exploit this issue to cause a denial-of-service condition.
VAR-E-201309-0466 | No CVE | ASUS RT-N66U 3.0.0.4.374_720 Cross Site Request Forgery | No EDB ID |
ASUS RT-N66U suffers from a cross site request forgery vulnerability that allows for arbitrary command execution.
VAR-E-201309-0343 | No CVE | Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery - Hardware webapps Exploit | EDB ID: 28652 |
Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery. CVE-98455. webapps exploit for Hardware platform
VAR-E-201309-0005 | No CVE | ASUS RT-N66U 'apply.cgi' Cross Site Request Forgery Vulnerability | No EDB ID |
ASUS RT-N66U is prone to a cross-site request-forgery vulnerability.
Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.
ASUS RT-N66U 3.0.0.4.374_720 is vulnerable; other versions may also be affected.
VAR-E-201309-0258 | No CVE | FiberHome Modem Router HG-110 Directory Traversal And Security Bypass Vulnerabilities | No EDB ID |
FiberHome Modem Router HG-110 is prone to directory traversal and security bypass vulnerabilities.
Exploiting these issues will allow an attacker to bypass security restrictions, perform unauthorized actions and access, read and execute files outside the webroot folder. Information harvested may aid in launching further attacks.
FiberHome Modem Router HG-110 running firmware HG110_BH_V1.6 is vulnerable; other versions may also be affected.
VAR-E-201309-0248 | CVE-2013-5091 | vTiger CRM 5.4.0 - 'index.php?onlyforuser' SQL Injection - PHP webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201310-0304 | EDB ID: 28409 |
vTiger CRM 5.4.0 - 'index.php?onlyforuser' SQL Injection. CVE-2013-5091 CVE-97504. webapps exploit for PHP platform
VAR-E-201309-0307 | No CVE | ONO Hitron CDE-30364 Multiple Cross Site Request Forgery Vulnerabilities | No EDB ID |
ONO Hitron CDE-30364 is prone to multiple cross-site request-forgery vulnerabilities.
Attackers can exploit these issues to perform certain administrative actions and gain unauthorized access to the affected device.
VAR-E-201309-0476 | No CVE | D-Link DIR-505 Bypass / Privilege Escalation / Traversal / Code Injection | No EDB ID |
D-Link DIR-505 devices suffer from privilege escalation issues due to hard-coded credentials, path traversal, command injection, weak encryption, and authentication bypass vulnerabilities. Firmware versions 1.06 and below are affected.
VAR-E-201309-0300 | No CVE | D-Link DIR-505 1.06 - Multiple Vulnerabilities - Hardware webapps Exploit | EDB ID: 28184 |
D-Link DIR-505 1.06 - Multiple Vulnerabilities. CVE-97179 CVE-97178 CVE-97177 CVE-97176 CVE-97175 CVE-97174. webapps exploit for Hardware platform
VAR-E-201309-0002 | CVE-2013-5037 CVE-2013-5220 CVE-2013-5219 CVE-2013-5038 CVE-2013-5039 CVE-2013-5218 | Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201312-0131, VAR-201312-0132, VAR-201312-0133, VAR-201312-0374, VAR-201312-0375, VAR-201312-0376 | EDB ID: 29518 |
Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities. CVE-2013-5220 CVE-99381 CVE-2013-5219 CVE-2013-5218 CVE-2013-5039 CVE-2013-5038 CVE-2013-5037 CVE-99360 CVE-99359 CVE-99358 CVE-99357 CVE-99356. webapps exploit for Hardware platform
VAR-E-201309-0010 | No CVE | D-Link DIR-505 Router Multiple Security Vulnerabilities | No EDB ID |
D-Link DIR-505 router is prone to the following security vulnerabilities:
1. A command-injection vulnerability
2. A file encryption weakness
3. A directory-traversal vulnerability
4. An arbitrary file-upload vulnerability
5. Multiple authentication bypass vulnerabilities
An attacker can exploit these issues to gain access to potentially sensitive information, execute arbitrary commands in the context of the affected device, upload arbitrary files and bypass certain security restrictions to perform unauthorized actions. Other attacks are also possible.
D-Link DIR-505 devices running firmware versions 1.06 and prior are vulnerable.
VAR-E-201309-0047 | CVE-2013-5730 | D-Link DSL-2740B - Multiple Cross-Site Request Forgery Vulnerabilities - Hardware webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201311-0179 | EDB ID: 28239 |
D-Link DSL-2740B - Multiple Cross-Site Request Forgery Vulnerabilities. CVE-2013-5730 CVE-97278. webapps exploit for Hardware platform
VAR-E-201309-0089 | CVE-2013-5132 | Apple Time Capsule and AirPort Base Station CVE-2013-5132 Remote Denial of Service Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201309-0410 | No EDB ID |
Apple Time Capsule and AirPort Base Station are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an unexpected base station system termination, triggering a denial-of-service condition for legitimate users.
Apple Time Capsule and AirPort Base Station running firmware versions prior to 7.6.4 are affected.