VARIoT IoT exploits database


VAR-E-201306-0196 CVE-2013-3963
CVE-2013-3542
CVE-2013-3962
Grandstream Multiple IP Cameras - Cross-Site Request Forgery - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201310-0247, VAR-201310-0248, VAR-201912-1585
EDB ID: 38584
Grandstream Multiple IP Cameras - Cross-Site Request Forgery. CVE-2013-3963, CVE-94222. Remote exploit for Hardware platform.
VAR-E-201306-0692 No CVE MobileIron Virtual Smartphone Platform Privilege Escalation No EDB ID
The MobileIron VSP appliance provides a restricted "clish" Java application that can be used for performing a minimal amount of configuration and requires an "enable" password for elevated privileges. Probing under the hood of this shell indicates that certain commands are run in the native Linux OS with sudo; the "show processes" command shows the commands being used. Due to a lack of input sanitization, it is possible to run arbitrary commands as root.
VAR-E-201306-0172 CVE-2013-1606
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC) - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201307-0139
EDB ID: 26138
Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow (PoC). CVE-2013-1606, CVE-94211. DoS exploit for Hardware platform.
VAR-E-201306-0323 No CVE MobileIron Virtual Smartphone Platform - Privilege Escalation - Hardware remote Exploit EDB ID: 26075
MobileIron Virtual Smartphone Platform - Privilege Escalation. CVE-94198. Remote exploit for Hardware platform.
VAR-E-201306-0087 No CVE Netgear WPN824v3 - Unauthorized Configuration Download - Hardware webapps Exploit EDB ID: 25969
Netgear WPN824v3 - Unauthorized Configuration Download. CVE-94102. Webapps exploit for Hardware platform.
VAR-E-201306-0201 No CVE RETIRED: Parallels Plesk Panel Arbitrary PHP Code Injection Vulnerability No EDB ID
Parallels Plesk Panel is prone to an arbitrary PHP code-injection vulnerability because the application fails to adequately sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected application. The following versions are affected: Parallels Plesk Panel 9.5.4, Parallels Plesk Panel 9.3, Parallels Plesk Panel 9.2, Parallels Plesk Panel 9.0, Parallels Plesk Panel 8.6.
VAR-E-201306-0696 No CVE Netgear WPN824v3 Unauthorized Config Download No EDB ID
Netgear WPN824v3 allows an unauthenticated remote party to download the configuration file.
VAR-E-201306-0656 No CVE NetGear WPN824v3 Information Disclosure Vulnerability No EDB ID
NetGear WPN824v3 is prone to an information-disclosure vulnerability. An attacker can exploit this issue to download the configuration file and disclose sensitive information. Information obtained may aid in further attacks.
VAR-E-201305-0084 No CVE Multiple Netgear DGN Devices Remote Authentication Bypass Vulnerability No EDB ID
Netgear DGN1000 and DGN2200 devices are prone to a remote authentication-bypass vulnerability. Remote attackers can exploit this issue to bypass the authentication mechanism and execute commands within the context of affected devices with elevated privileges. The following versions are vulnerable: NetGear DGN1000 running firmware prior to version 1.1.00.48; Netgear DGN2200 v1.
VAR-E-201305-0246 No CVE TP-LINK WR842ND Directory Traversal No EDB ID
TP-LINK WR842ND suffers from a remote directory traversal vulnerability.
VAR-E-201305-0258 No CVE TP-Link WR842ND - Remote Multiple SSID Directory Traversals - Hardware webapps Exploit EDB ID: 25810
TP-Link WR842ND - Remote Multiple SSID Directory Traversals. CVE-94095. Webapps exploit for Hardware platform.
VAR-E-201305-0003 CVE-2013-2567
CVE-2013-2570
CVE-2013-2568
CVE-2013-2569
Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202001-0852, VAR-202001-0850, VAR-202001-0851, VAR-202001-0849
EDB ID: 25815
Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities. CVE-2013-2570, CVE-2013-2569, CVE-2013-2568, CVE-2013-2567, CVE-93713, CVE-93712, CVE-93711, CVE-93710. Webapps exploit for Hardware platform.
VAR-E-201305-0137 CVE-2013-2573
CVE-2013-2572
TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202001-0855, VAR-202001-0854
EDB ID: 25812
TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities. CVE-2013-2573, CVE-2013-2572, CVE-93707, CVE-93706. Webapps exploit for Hardware platform.
VAR-E-201305-0470 No CVE Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution - Hardware local Exploit EDB ID: 25718
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution. CVE-93552. Local exploit for Hardware platform.
VAR-E-201305-0259 No CVE Trend Micro DirectPass 1.5.0.1060 - Multiple Software Vulnerabilities - Windows dos Exploit EDB ID: 25719
Trend Micro DirectPass 1.5.0.1060 - Multiple Software Vulnerabilities. CVE-93551. DoS exploit for Windows platform.
VAR-E-201305-0461 No CVE Trend Micro DirectPass 1.5.0.1060 Command Injection / Denial Of Service No EDB ID
Trend Micro DirectPass 1.5.0.1060 suffers from local command/path injection, persistent code injection, and denial of service vulnerabilities.
VAR-E-201305-0490 No CVE Trend Micro DirectPass - Cloud Software Vulnerabilities No EDB ID
VAR-E-201305-0284 No CVE Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities No EDB ID
VAR-E-201305-0007 No CVE Trend Micro DirectPass 'InstallWorkspace.exe' Local Command Injection Vulnerability No EDB ID
Trend Micro DirectPass is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands within the context of the affected application. Successful exploits may compromise the affected application. Trend Micro DirectPass 1.5.0.1060 is vulnerable; other versions may also be affected.
VAR-E-201305-0081 No CVE Cisco Linksys E4200 Firmware - XSS/LFI Vulnerabilities No EDB ID