VARIoT IoT exploits database

VAR-E-201203-0977 No CVE Sitecom WLM-2501 Cross Site Request Forgery No EDB ID
Sitecom WLM-2501 suffers from multiple cross site request forgery vulnerabilities.
VAR-E-201203-0135 CVE-2012-1921
CVE-2012-1922
Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities - ASP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201208-0530, VAR-201301-0216
EDB ID: 18651
Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities. CVE-80538, CVE-2012-1922, CVE-2012-1921. webapps exploit for ASP platform
VAR-E-201203-0531 No CVE Sitecom WLM-2501 Multiple Cross Site Request Forgery Vulnerabilities No EDB ID
Sitecom WLM-2501 is prone to multiple cross-site request-forgery vulnerabilities because the device fails to properly validate HTTP requests. Attackers can exploit these issues to gain unauthorized access to the affected device and perform certain administrative actions.
VAR-E-201203-0426 No CVE Cisco Wireless-G PTZ Internet Video Camera WVC200 'PlayerPT.ocx' Buffer Overflow Vulnerability No EDB ID
Cisco Wireless-G PTZ Internet Video Camera WVC200 is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using an affected ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions. Cisco Wireless-G PTZ Internet Video Camera WVC200 1.0.0.15 is vulnerable; other versions may also be affected.
VAR-E-201203-0334 No CVE D-Link DIR-605 Cross Site Request Forgery No EDB ID
D-Link DIR-605 suffers from a cross site request forgery vulnerability.
VAR-E-201203-0850 No CVE RETIRED: vtiger CRM 'module_name' Parameter Local File Include Vulnerability No EDB ID
vtiger CRM is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks. vtiger CRM 5.1.0 is vulnerable; other versions may also be affected. This BID is being retired as a duplicate of BID 47263 (vtiger CRM 'sortfieldsjson.php' Local File Include Vulnerability).
VAR-E-201203-0254 No CVE D-Link DIR-605 - Cross-Site Request Forgery - Hardware webapps Exploit EDB ID: 18638
D-Link DIR-605 - Cross-Site Request Forgery. CVE-80549. webapps exploit for Hardware platform
VAR-E-201203-0268 No CVE Citrix 11.6.1 - Licensing Administration Console Denial of Service - Windows dos Exploit EDB ID: 36969
Citrix 11.6.1 - Licensing Administration Console Denial of Service. dos exploit for Windows platform
VAR-E-201203-0342 No CVE Sitecom WLM-2501 Cross Site Request Forgery No EDB ID
Sitecom WLM-2501 suffers from a change wireless passphrase cross site request forgery vulnerability.
VAR-E-201203-0752 CVE-2012-0354
Cisco ASA Threat Detection Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201203-0065
No EDB ID
Cisco ASA is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. The following Cisco products are vulnerable: Cisco ASA 5500 Series Adaptive Security Appliances. Cisco Catalyst 6500 Series ASA Services Module. This issue is being tracked by Cisco Bug ID CSCtw35765.
VAR-E-201203-0645 CVE-2012-0353
Cisco ASA UDP Inspection Engine Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201203-0056
No EDB ID
Cisco ASA UDP Inspection Engine is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. The following Cisco products are vulnerable: Cisco ASA 5500 Series Adaptive Security Appliances. Cisco Catalyst 6500 Series ASA Services Module. This issue is being tracked by Cisco Bug ID CSCtq10441.
VAR-E-201203-0177 CVE-2012-0356
Cisco Multiple Products Protocol Independent Multicast Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201203-0220
No EDB ID
Multiple Cisco products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. The following Cisco products are vulnerable: Cisco Catalyst 6500 Series Firewall Services Module. Cisco ASA 5500 Series Adaptive Security Appliances. Cisco Catalyst 6500 ASA Services Module. This issue is being tracked by Cisco Bug ID CSCtu97367 and CSCtr47517.
VAR-E-201203-0014 CVE-2012-0355
Cisco ASA Syslog Message 305006 Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201203-0066
No EDB ID
Cisco ASA is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. The following Cisco products are vulnerable: Cisco ASA 5500 Series Adaptive Security Appliances. Cisco Catalyst 6500 Series ASA Services Module. This issue is being tracked by Cisco Bug ID CSCts39634.
VAR-E-201203-0134 CVE-2012-1921
CVE-2012-1922
Sitecom WLM-2501 - Cross-Site Request Forgery - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201208-0530, VAR-201301-0216
EDB ID: 18597
Sitecom WLM-2501 - Cross-Site Request Forgery. CVE-2012-1922, CVE-2012-1921, CVE-80538. webapps exploit for Hardware platform
VAR-E-201203-0962 No CVE Multiple Xerox Devices Multiple Remote Code Execution Vulnerabilities No EDB ID
Multiple Xerox devices are prone to multiple remote code-execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Successful exploitation can completely compromise the vulnerable device.
VAR-E-201203-0121 No CVE TP-Link TL-WR740N 111130 - 'ping_addr' HTML Injection - Hardware remote Exploit EDB ID: 36945
TP-Link TL-WR740N 111130 - 'ping_addr' HTML Injection. CVE-80038. remote exploit for Hardware platform
VAR-E-201203-0071 No CVE SAP Business Objects XI R2 Cross Site Scripting No EDB ID
SAP Business Objects XI R2 suffers from a cross site scripting vulnerability.
VAR-E-201203-0122 No CVE SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting - ASP webapps Exploit EDB ID: 36936
SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting. CVE-80640. webapps exploit for ASP platform
VAR-E-201203-0124 No CVE SAP Business Objects InfoVew System - 'listing.aspx?searchText' Cross-Site Scripting - ASP webapps Exploit EDB ID: 36934
SAP Business Objects InfoVew System - 'listing.aspx?searchText' Cross-Site Scripting. CVE-80638. webapps exploit for ASP platform
VAR-E-201203-0123 No CVE SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting - ASP webapps Exploit EDB ID: 36935
SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting. CVE-80639. webapps exploit for ASP platform