VARIoT IoT exploits database
| VAR-E-201308-0134 |
CVE-2013-4863 CVE-2016-6255 CVE-2013-4861 CVE-2013-4862 CVE-2013-4865 |
MiCasaVerde VeraLite - Remote Code Execution - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-202001-1147, VAR-202001-1149, VAR-202001-1148 | EDB ID: 40589 |
MiCasaVerde VeraLite - Remote Code Execution. CVE-2013-4863CVE-2016-6255 . remote exploit for Hardware platform
| VAR-E-201308-0074 |
CVE-2013-3214 CVE-2013-3212 CVE-2013-3215 CVE-2013-3213 |
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities - PHP webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-202001-0885, VAR-202001-0887, VAR-201404-0102, VAR-202001-0886 | EDB ID: 27279 |
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities. CVE-2013-3215CVE-2013-3214CVE-2013-3213CVE-2013-3212CVE-95903CVE-95902CVE-95901CVE-95900CVE-95899CVE-95898 . webapps exploit for PHP platform
| VAR-E-201308-0073 |
CVE-2013-3214 CVE-2013-3215 |
vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit) - PHP remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-202001-0887, VAR-202001-0886 | EDB ID: 30787 |
vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit). CVE-2013-3214CVE-95902 . remote exploit for PHP platform
| VAR-E-201307-0076 |
CVE-2013-3098 CVE-2013-3365 |
TRENDnet TEW-812DRU - Cross-Site Request Forgery/Command Injection Root - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201402-0099, VAR-201402-0091 | EDB ID: 27177 |
TRENDnet TEW-812DRU - Cross-Site Request Forgery/Command Injection Root. CVE-2013-3365CVE-2013-3098CVE-95804CVE-95803 . webapps exploit for Hardware platform
| VAR-E-201307-0524 | No CVE | Broadkam PJ871 - Authentication Bypass - Hardware webapps Exploit | EDB ID: 27134 |
Broadkam PJ871 - Authentication Bypass. CVE-95777 . webapps exploit for Hardware platform
| VAR-E-201307-0406 |
CVE-2013-4659 |
ASUS RT-AC66U - 'acsd' Remote Command Execution - Linux_MIPS remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201703-0032 | EDB ID: 27133 |
ASUS RT-AC66U - 'acsd' Remote Command Execution. CVE-2013-4659CVE-95778 . remote exploit for Linux_MIPS platform
| VAR-E-201307-0322 | No CVE | Broadkam PJ871 Authentication Bypass Vulnerability | No EDB ID |
Broadkam PJ871 is prone to an authentication-bypass vulnerability.
An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://drupal.org/node/207891
| VAR-E-201307-0008 |
CVE-2013-4890 |
Samsung PS50C7700 TV - Denial of Service - Hardware dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201307-0393 | EDB ID: 27043 |
Samsung PS50C7700 TV - Denial of Service. CVE-2013-4890CVE-95574 . dos exploit for Hardware platform
| VAR-E-201307-0359 |
CVE-2013-2612 |
Huawei E587 3G Mobile Hotspot Command Injection
Related entries in the VARIoT vulnerabilities database: VAR-202001-0814 | No EDB ID |
Huawei E587 3G Mobile Hotspot version 11.203.27 is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute arbitrary commands with root privileges.
| VAR-E-201307-0259 |
CVE-2013-4877 CVE-2013-4875 CVE-2013-4876 CVE-2013-4874 |
Verizon Wireless Network Extender CVE-2013-4875 Local Privilege Escalation Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201307-0386, VAR-201307-0387, VAR-201307-0388, VAR-201307-0389 | No EDB ID |
Verizon Wireless Network Extender is prone to a local privilege-escalation vulnerability.
Successfully exploiting this issue may allow an attacker to execute arbitrary code with elevated privileges and completely compromise the device.
Note: This issue was previously covered in BID 61169 (Verizon Wireless Network Extender Multiple Local Privilege Escalation Vulnerabilities), but has been moved to its own record for better documentation.
Verizon Wireless Network Extender SCS-2U01 is vulnerable.
| VAR-E-201307-0244 |
CVE-2013-3568 |
Linksys WRT110 - Remote Command Execution (Metasploit) - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-202002-0571 | EDB ID: 28484 |
Linksys WRT110 - Remote Command Execution (Metasploit). CVE-2013-3568CVE-95186 . remote exploit for Hardware platform
| VAR-E-201307-0007 |
CVE-2013-3319 |
SAP Netweaver CVE-2013-3319 Information Disclosure Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201308-0079 | No EDB ID |
SAP Netweaver is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
SAP Netweaver 7.03 and prior are vulnerable.
| VAR-E-201307-0238 | No CVE | Cisco WebEx One-Click Client Password Encryption - Information Disclosure - Windows local Exploit | EDB ID: 38668 |
Cisco WebEx One-Click Client Password Encryption - Information Disclosure.. local exploit for Windows platform
| VAR-E-201307-0367 | No CVE | ABBS Audio Media Player - '.LST' Local Buffer Overflow (Metasploit) - Windows local Exploit | EDB ID: 26579 |
ABBS Audio Media Player - '.LST' Local Buffer Overflow (Metasploit). CVE-75096 . local exploit for Windows platform
| VAR-E-201307-0312 |
CVE-2013-3396 CVE-2013-3395 |
Cisco IronPort Security Management Appliance Multiple issues
Related entries in the VARIoT vulnerabilities database: VAR-201307-0195, VAR-201306-0172 | No EDB ID |
| VAR-E-201306-0228 |
CVE-2013-1414 |
Fortigate Firewalls - Cross-Site Request Forgery - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201307-0030 | EDB ID: 26528 |
Fortigate Firewalls - Cross-Site Request Forgery. CVE-2013-1414CVE-94724 . webapps exploit for Hardware platform
| VAR-E-201306-0687 | No CVE | ASUS RT-N66U Directory Traversal | No EDB ID |
ASUS RT-N66U when HTTPS WebService via AiCloud is enabled suffers from a remote directory traversal vulnerability.
| VAR-E-201306-0341 | No CVE | TRENDnet TE100-P1U Multiple Authentication Bypass Vulnerabilities | No EDB ID |
TRENDnet TE100-P1U is prone to multiple authentication-bypass vulnerabilities.
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions on the affected device. This may aid in further attacks.
TRENDnet TE100-P1U firmware version 4.11 is affected; other versions may also be vulnerable.
| VAR-E-201306-0192 | No CVE | Cisco Linksys X3000 Router Multiple Security Vulnerabilities | No EDB ID |
Cisco Linksys X3000 Router is prone to the following security vulnerabilities:
1. Multiple command-execution vulnerabilities
2. A security-bypass vulnerability
3. Multiple cross-site scripting vulnerabilities
An attacker can exploit these issues to execute arbitrary commands, bypass certain security restrictions, steal cookie-based authentication credentials, or perform unauthorized actions in the context of a user session.
Cisco Linksys X3000 1.0.03 build 001 is vulnerable; other versions may also be affected.
| VAR-E-201306-0065 | No CVE | TP-Link TL-PS110U Print Server - 'tplink-enum.py' Security Bypass - Hardware remote Exploit | EDB ID: 38591 |
TP-Link TL-PS110U Print Server - 'tplink-enum.py' Security Bypass.. remote exploit for Hardware platform