VARIoT IoT exploits database

OfficeSIP Server version 3.1 suffers from a remote denial of service vulnerability. Proof of concept exploit included.

OfficeSIP Server 3.1 - Denial of Service. CVE-78997CVE-2012-1008 . dos exploit for Windows platform

MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities. CVE-2013-0229 . dos exploit for Multiple platform

Dream Report is prone to a cross-site scripting vulnerability and a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied data. Attackers can exploit these issues to execute arbitrary code in the context of the webserver, compromise the affected application, and steal cookie-based authentication credentials from legitimate users of the site. Other attacks are also possible. These issues affect Dream Report Versions prior to 4.0.

Koyo ECOM100 Ethernet Module is prone to multiple unspecified vulnerabilities including: 1. A buffer-overflow vulnerability. 2. A denial-of-service vulnerability. 3. Multiple security-bypass vulnerabilities. 4. A cross site-scripting vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible.

Schneider Electric Modicon Quantum is prone to multiple vulnerabilities including: 1. A remote code-execution vulnerability. 2. Multiple buffer-overflow vulnerabilities. 3. A security-bypass vulnerability. 4. A cross site-scripting vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible.

Rockwell Automation FactoryTalk Activation Server - Multiple Denial of Service Vulnerabilities. CVE-2012-0221CVE-78353 . dos exploit for Multiple platform

Pragyan CMS is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view local files in the context of the webserver process, which may aid in further attacks. Pragyan CMS 3.0 is vulnerable; other versions may also be affected.

SAPID 1.2.3 Stable - Remote File Inclusion. CVE-82476CVE-82475CVE-2012-5293 . webapps exploit for PHP platform

AirTies-4450 - Unauthorized Remote Reboot (Denial of Service). CVE-78616CVE-2012-0902 . dos exploit for Hardware platform

Apple Mac OSX 10.8.4 - Local Privilege Escalation (Python). CVE-2013-1775CVE-90677 . local exploit for OSX platform

Apache - httpOnly Cookie Disclosure. CVE-2012-0053CVE-78556 . remote exploit for Multiple platform

PHP 5.3.12/5.4.2 - CGI Argument Injection (Metasploit). CVE-2012-2336CVE-81633CVE-2012-2311CVE-2012-1823 . remote exploit for PHP platform

Apache 2.2 - Scoreboard Invalid Free On Shutdown. CVE-2012-0031 . dos exploit for Linux platform

PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection. CVE-2012-2336CVE-2012-2311CVE-2012-1823CVE-81633 . remote exploit for PHP platform

Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution + Scanner. CVE-2012-2336CVE-2012-2311CVE-2012-1823CVE-81633 . remote exploit for PHP platform

Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution. CVE-2012-2336CVE-2012-2311CVE-2012-1823CVE-81633 . remote exploit for PHP platform

Apple Mac OSX - Sudo Password Bypass (Metasploit). CVE-2013-1775CVE-90677 . local exploit for OSX platform

Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass. CVE-2011-3639CVE-77444 . remote exploit for Linux platform