VARIoT IoT exploits database
| VAR-E-201301-0078 | No CVE | Advantech WebAccess HMI/SCADA Cross Site Scripting | No EDB ID |
Advantech WebAccess HMI/SCADA software version 7.0-2012.12.05 suffers from a persistent cross site scripting vulnerability.
| VAR-E-201301-0393 |
CVE-2013-2299 |
Advantech Webaccess HMI/SCADA Software - Persistence Cross-Site Scripting - ASP webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201308-0031 | EDB ID: 23968 |
Advantech Webaccess HMI/SCADA Software - Persistence Cross-Site Scripting. CVE-89067CVE-2013-2299 . webapps exploit for ASP platform
| VAR-E-201301-0504 | No CVE | Allied Telesis AT-MCF2000M 3.0.2 Local Root | No EDB ID |
Allied Telesis AT-MCF2000M version 3.0.2 suffers from a local root-level privilege escalation vulnerability.
| VAR-E-201301-0105 | No CVE | Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution - Hardware remote Exploit | EDB ID: 23855 |
Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution. CVE-88921 . remote exploit for Hardware platform
| VAR-E-201212-0508 | No CVE | NVidia Display Driver Buffer Overflow | No EDB ID |
This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability.
| VAR-E-201212-0616 | No CVE | Cisco Wireless Lan Controller 7.2.110.0 XSS / CSRF / DoS | No EDB ID |
Cisco Wireless Lan Controller version 7.2.110.0 suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.
| VAR-E-201212-0237 |
CVE-2012-5991 CVE-2012-5992 CVE-2012-6007 |
Cisco Wireless Lan Controller 7.2.110.0 - Multiple Vulnerabilities - Hardware dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201212-0166, VAR-201212-0167, VAR-201212-0168 | EDB ID: 23361 |
Cisco Wireless Lan Controller 7.2.110.0 - Multiple Vulnerabilities. CVE-2012-6007CVE-2012-5992CVE-2012-5991CVE-88388CVE-88387CVE-88386 . dos exploit for Hardware platform
| VAR-E-201212-0226 | No CVE | Cisco DPC2420 Cross Site Scripting / File Disclosure | No EDB ID |
Cisco DPC2420 suffers from cross site scripting, basic auth, and file disclosure vulnerabilities.
| VAR-E-201212-0052 |
CVE-2012-5340 |
SumatraPDF 2.1.1/MuPDF 1.0 - Integer Overflow - Windows dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-202001-0062 | EDB ID: 23246 |
SumatraPDF 2.1.1/MuPDF 1.0 - Integer Overflow. CVE-2012-5340CVE-88305CVE-88304 . dos exploit for Windows platform
| VAR-E-201212-0154 | No CVE | Cisco DPC2420 - Multiples Vulnerabilities - Hardware webapps Exploit | EDB ID: 23250 |
Cisco DPC2420 - Multiples Vulnerabilities. CVE-88308CVE-88307CVE-88306 . webapps exploit for Hardware platform
| VAR-E-201212-0228 | No CVE | Buffalo Linkstation Privilege Escalation | No EDB ID |
Buffalo Linkstation (and various other Buffalo products) suffer from a privilege escalation vulnerability where a permanent guest account can be used to change the administrative password.
| VAR-E-201212-0521 |
CVE-2013-1627 |
Advantech Studio 7.0 - SCADA/HMI Directory Traversal - Windows webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201303-0298 | EDB ID: 23132 |
Advantech Studio 7.0 - SCADA/HMI Directory Traversal. CVE-88925CVE-2013-1627 . webapps exploit for Windows platform
| VAR-E-201212-0519 | No CVE | Buffalo Linkstation Privilege Escalation / Information Disclosure | No EDB ID |
Buffalo Linkstation suffers from information disclosure and privilege escalation vulnerabilities.
| VAR-E-201211-0596 | No CVE | Cisco WAG120N Command Execution | No EDB ID |
Cisco WAG120N suffers from a remote command execution vulnerability in setup.cgi.
| VAR-E-201211-0304 |
CVE-2012-6316 |
TP-LINK TL-WR841N 3.13.9 Cross Site Scripting
Related entries in the VARIoT vulnerabilities database: VAR-201409-0021 | No EDB ID |
TP-LINK TL-WR841N versions 3.13.9 Build 120201 Rel.54965n and below suffer from a cross site scripting vulnerability.
| VAR-E-201211-0529 | No CVE | Friends In War Make Or Break 1.3 SQL Injection | No EDB ID |
Friends in War Make or Break version 1.3 suffers from a remote SQL injection vulnerability.
| VAR-E-201211-0237 | No CVE | Friends in War Make or Break 1.3 - Authentication Bypass - PHP webapps Exploit | EDB ID: 22736 |
Friends in War Make or Break 1.3 - Authentication Bypass. CVE-87351 . webapps exploit for PHP platform
| VAR-E-201211-0111 |
CVE-2012-4960 |
Huawei (Multiple Products) - Password Encryption - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201306-0006 | EDB ID: 38020 |
Huawei (Multiple Products) - Password Encryption. CVE-2012-4960CVE-87968 . remote exploit for Hardware platform
| VAR-E-201210-0488 | No CVE | TP-LINK TL-WR841N Local File Inclusion | No EDB ID |
TP-LINK TL-WR841N suffers from a local file inclusion vulnerability. Firmware versions 3.13.9 Build 120201 Rel.54965n and below are affected.
| VAR-E-201210-0020 |
CVE-2012-5687 |
TP-Link TL-WR841N Router - Local File Inclusion - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201211-0400 | EDB ID: 37982 |
TP-Link TL-WR841N Router - Local File Inclusion.. webapps exploit for Hardware platform