VARIoT IoT exploits database


VAR-E-201203-0965 No CVE Polycom Products Directory Traversal and Command Injection Vulnerabilities No EDB ID
Multiple Polycom products are prone to a directory-traversal vulnerability and a command-injection vulnerability because they fail to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Also, attackers can execute arbitrary commands with the privileges of the user running the application.
VAR-E-201203-0857 CVE-2012-1557
Parallels Plesk Panel Unspecified Remote Security Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201203-0121
No EDB ID
Parallels Plesk Panel is prone to an unspecified remote security vulnerability that allows attackers to gain unauthorized administrative access to the application. Attackers can exploit this issue to perform unauthorized actions on the affected application. Successfully exploiting this issue results in complete compromise of the application. Limited technical details are available at this time. We will update this BID as more information emerges. Parallels Plesk Panel versions 7.6.1 through 10.3.1 are vulnerable.
VAR-E-201202-0457 CVE-2012-0369
Cisco Wireless LAN Controller CVE-2012-0369 IPv6 Packets Handling Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201203-0224
No EDB ID
Cisco Wireless LAN Controller is prone to a remote denial-of-service vulnerability. An unauthenticated attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCtt07949. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq24002
VAR-E-201202-0375 CVE-2012-0370
Cisco Wireless LAN Controller CVE-2012-0370 'WebAuth' Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201203-0225
No EDB ID
Cisco Wireless LAN Controller is prone to a remote denial-of-service vulnerability. An unauthenticated attacker can exploit this issue to cause a device configured for 'WebAuth' to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCtt47435. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq24002
VAR-E-201202-0006 CVE-2012-0368
Cisco Wireless LAN Controller CVE-2012-0368 HTTP Request Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201203-0223
No EDB ID
Cisco Wireless LAN Controller is prone to a remote denial-of-service vulnerability. An unauthenticated attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCts81997. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq24002
VAR-E-201202-0762 CVE-2012-0359
Cisco Cius Remote Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201203-0222
No EDB ID
Cisco Cius is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to stop responding and require reboot, denying service to legitimate users. Cisco Cius versions prior to 9.2(1) SR2 are vulnerable. This issue is being tracked by Cisco Bug ID CSCto71445.
VAR-E-201202-0700 No CVE Sagem F@ST 2604 Cross Site Request Forgery No EDB ID
Sagem F@ST 2604 suffers from a cross site request forgery vulnerability.
VAR-E-201202-0068 CVE-2012-5319
D-Link DCS - 'security.cgi' Cross-Site Request Forgery - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201210-0413
EDB ID: 36877
D-Link DCS - 'security.cgi' Cross-Site Request Forgery. CVE-2012-5319, CVE-79770. Remote exploit for Hardware platform.
VAR-E-201202-0850 No CVE Xavi 7968 ADSL Router Cross Site Request Forgery / Cross Site Scripting No EDB ID
The Xavi 7968 router suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
VAR-E-201202-0323 No CVE Xavi 7968 ADSL Router Denial Of Service No EDB ID
The Xavi 7968 ADSL router suffers from a remote denial of service vulnerability.
VAR-E-201202-0309 CVE-2012-4999
Mercury MR804 Router - Multiple HTTP Header Fields Denial of Service Vulnerabilities - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201209-0274
EDB ID: 36868
Mercury MR804 Router - Multiple HTTP Header Fields Denial of Service Vulnerabilities. CVE-2012-4999, CVE-79870. DoS exploit for Hardware platform.
VAR-E-201202-0070 CVE-2012-5322
CVE-2012-5323
Xavi 7968 ADSL Router - '/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox' Cross-Site Scripting - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201210-0417, VAR-201210-0416
EDB ID: 36865
Xavi 7968 ADSL Router - '/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox' Cross-Site Scripting. CVE-79824, CVE-2012-5322. Webapps exploit for Hardware platform.
VAR-E-201202-0071 CVE-2012-5322
CVE-2012-5323
Xavi 7968 ADSL Router - '/webconfig/wan/confirm.html/confirm?pvcName' Cross-Site Scripting - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201210-0417, VAR-201210-0416
EDB ID: 36866
Xavi 7968 ADSL Router - '/webconfig/wan/confirm.html/confirm?pvcName' Cross-Site Scripting. CVE-79823, CVE-2012-5322. Remote exploit for Hardware platform.
VAR-E-201202-0072 CVE-2012-5323
CVE-2012-5322
Xavi 7968 ADSL Router - Multiple Cross-Site Request Forgery Vulnerabilities - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201210-0417, VAR-201210-0416
EDB ID: 36864
Xavi 7968 ADSL Router - Multiple Cross-Site Request Forgery Vulnerabilities. CVE-79822, CVE-2012-5323. Remote exploit for Hardware platform.
VAR-E-201202-0295 CVE-2012-1308
D-Link DSL-2640B ADSL Router - Cross-Site Request Forgery - Hardware webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201210-0554
EDB ID: 18499
D-Link DSL-2640B ADSL Router - Cross-Site Request Forgery. CVE-80803, CVE-2012-1308. Webapps exploit for Hardware platform.
VAR-E-201202-0098 No CVE D-Link DSL-2640B Cross Site Request Forgery No EDB ID
The D-Link DSL-2640B ADSL router suffers from a cross site request forgery vulnerability.
VAR-E-201202-0768 CVE-2012-0352
Multiple Cisco Nexus Devices IP Stack Remote Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201202-0095
No EDB ID
Multiple Cisco Nexus devices are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the device to crash, denying service to legitimate users. The following devices are affected: Cisco Nexus 1000V, Cisco Nexus 5000, and Cisco Nexus 7000. This issue is documented by Cisco Bug IDs CSCti23447, CSCti49507, and CSCtj01991.
VAR-E-201202-0155 No CVE D-Link DAP-1150 1.2.94 - Cross-Site Request Forgery - Hardware remote Exploit EDB ID: 36767
D-Link DAP-1150 1.2.94 - Cross-Site Request Forgery. Remote exploit for Hardware platform.
VAR-E-201202-0770 No CVE Advantech BroadWin WebAccess Remote Code Execution Vulnerability No EDB ID
Advantech BroadWin WebAccess is prone to a remote code-execution vulnerability because it fails to sufficiently validate user-supplied data. Successful exploits will allow an attacker to run arbitrary code in the servers managed by the affected application. Failed attacks may cause denial-of-service conditions.
VAR-E-201202-0384 No CVE D-Link ShareCenter Products - Multiple Remote Code Execution Vulnerabilities - Hardware remote Exploit EDB ID: 36670
D-Link ShareCenter Products - Multiple Remote Code Execution Vulnerabilities. Remote exploit for Hardware platform.