VARIoT IoT exploits database

VAR-E-201111-0002 |
CVE-2011-4317 CVE-2013-2465 CVE-2012-0507 CVE-2011-4885 CVE-2011-5035 |
Apache 7.0.x mod_proxy - Reverse Proxy Security Bypass - Linux remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201112-0123, VAR-201306-0242, VAR-201111-0207 | EDB ID: 36352 |
Apache 7.0.x mod_proxy - Reverse Proxy Security Bypass. CVE-2011-4317 CVE-77310. remote exploit for Linux platform
VAR-E-201111-0363 |
CVE-2011-4715 |
LibLime Koha 4.2 - Local File Inclusion - CGI webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201112-0305 | EDB ID: 18153 |
LibLime Koha 4.2 - Local File Inclusion. CVE-77322 CVE-2011-4715. webapps exploit for CGI platform
VAR-E-201111-0474 |
CVE-2011-5260 CVE-2011-4707 |
SAP Netweaver Multiple Security Vulnerabilities
Related entries in the VARIoT vulnerabilities database: VAR-201302-0013, VAR-201112-0297 | No EDB ID |
SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, a path traversal vulnerability, an HTML-injection vulnerability, a cross-site request-forgery vulnerability, and an authentication-bypass vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, disclose sensitive information, perform certain administrative actions, gain unauthorized access, or bypass certain security restrictions.
VAR-E-201111-0106 |
CVE-2011-4051 |
InduSoft Web Studio - Arbitrary File Upload / Remote Code Execution (Metasploit) - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201112-0149 | EDB ID: 21837 |
InduSoft Web Studio - Arbitrary File Upload / Remote Code Execution (Metasploit). CVE-2011-4051 CVE-77179. remote exploit for Windows platform
VAR-E-201111-0155 |
CVE-2012-2511 CVE-2012-2512 CVE-2012-2514 CVE-2012-2611 CVE-2012-2513 CVE-2012-2612 CVE-2011-1516 CVE-2011-1517 |
SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities - Multiple dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201205-0128, VAR-202002-0024, VAR-201205-0127, VAR-201205-0132, VAR-201205-0131, VAR-201205-0130, VAR-201205-0129, VAR-201111-0111 | EDB ID: 20705 |
SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities. CVE-2012-2612 CVE-2012-2611 CVE-2012-2514 CVE-2012-2513 CVE-2012-2512 CVE-2012-2511 CVE-81760 CVE-81759. dos exploit for Multiple platform
VAR-E-201111-0153 |
CVE-2011-1516 CVE-2012-2512 CVE-2012-2511 CVE-2012-2514 CVE-2012-2611 CVE-2012-2513 CVE-2012-2612 CVE-2011-1517 |
SAP NetWeaver Dispatcher - Multiple Vulnerabilities - Windows dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201205-0128, VAR-202002-0024, VAR-201205-0127, VAR-201205-0132, VAR-201205-0131, VAR-201205-0130, VAR-201205-0129, VAR-201111-0111 | EDB ID: 18853 |
SAP NetWeaver Dispatcher - Multiple Vulnerabilities. CVE-2012-2612 CVE-81760 CVE-81759 CVE-2012-2611 CVE-2012-2514 CVE-2012-2513 CVE-2012-2512 CVE-2012-2511 CVE-2011-1516. dos exploit for Windows platform
VAR-E-201111-0154 |
CVE-2012-2611 CVE-2011-1516 CVE-2012-2512 CVE-2012-2511 CVE-2012-2514 CVE-2012-2513 CVE-2011-1517 CVE-2012-2612 |
SAP NetWeaver Dispatcher - DiagTraceR3Info Buffer Overflow (Metasploit) - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201205-0128, VAR-202002-0024, VAR-201205-0127, VAR-201205-0132, VAR-201205-0131, VAR-201205-0130, VAR-201205-0129, VAR-201111-0111 | EDB ID: 21034 |
SAP NetWeaver Dispatcher - DiagTraceR3Info Buffer Overflow (Metasploit). CVE-2012-2611 CVE-81759. remote exploit for Windows platform
VAR-E-201111-0475 | No CVE | Vtiger CRM Multiple Local File Include Vulnerabilities | No EDB ID |
Vtiger CRM is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
Vtiger CRM 5.2.1 is vulnerable; prior versions may also be affected.
VAR-E-201111-0031 |
CVE-2011-3607 CVE-2011-4415 |
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow - Linux dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201111-0190 | EDB ID: 41769 |
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow. CVE-2011-4415 CVE-2011-3607. dos exploit for Linux platform
VAR-E-201111-0085 |
CVE-2012-4746 |
ZTE ZXDSL 831IIV7.5.0a_Z29_OV - Multiple Vulnerabilities - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201208-0320 | EDB ID: 18061 |
ZTE ZXDSL 831IIV7.5.0a_Z29_OV - Multiple Vulnerabilities. CVE-76925 CVE-76924 CVE-2012-4746. webapps exploit for Hardware platform
VAR-E-201110-0039 | No CVE | vtiger CRM 5.2.1 Multiple Remote Cross-Site Scripting Vulnerabilities | No EDB ID |
VAR-E-201110-0025 | No CVE | vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2) - PHP webapps Exploit | EDB ID: 36255 |
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2). webapps exploit for PHP platform
VAR-E-201110-0714 |
CVE-2011-2058 CVE-2011-2057 |
Cisco IOS dot1x Port Handling Multiple Denial of Service Vulnerabilities
Related entries in the VARIoT vulnerabilities database: VAR-201110-0151, VAR-201110-0150 | No EDB ID |
Cisco IOS is prone to multiple remote denial-of-service vulnerabilities.
An attacker can exploit these issues to cause an affected device to stop responding, denying service to legitimate users.
These issues are being tracked by Cisco Bug IDs:
CSCtq36327
CSCtq36336
VAR-E-201110-0290 | No CVE | Trend Micro IWSS 3.1 - Local Privilege Escalation - Linux local Exploit | EDB ID: 36257 |
Trend Micro IWSS 3.1 - Local Privilege Escalation. local exploit for Linux platform
VAR-E-201110-0040 |
CVE-2011-2569 |
Cisco Nexus OS (NX-OS) Command Injection
Related entries in the VARIoT vulnerabilities database: VAR-201110-0195 | No EDB ID |
Cisco Nexus OS (NX-OS) suffers from command injection and sanitization issues. Nexus 7000, 5000, 4000, 3000, 2000, and 1000V are all affected. MDS and UCS are also affected. Local access is required.
VAR-E-201110-0630 | No CVE | SAP Management Console - OSExecute Payload Execution (Metasploit) - Windows webapps Exploit | EDB ID: 18032 |
SAP Management Console - OSExecute Payload Execution (Metasploit). webapps exploit for Windows platform
VAR-E-201110-0440 | No CVE | Cyclope Internet Filtering Proxy 'CEPMServer.exe' Denial of Service Vulnerability | No EDB ID |
Cyclope Internet Filtering Proxy is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to crash the application, denying service to legitimate users. Note that code execution may be possible; however, this has not been confirmed.
Cyclope Internet Filtering Proxy 4.0 is vulnerable; other versions may also be affected.
VAR-E-201110-0513 | No CVE | Cyclope Internet Filtering Proxy 'user' HTML Injection Vulnerability | No EDB ID |
Cyclope Internet Filtering Proxy is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
VAR-E-201110-0211 | No CVE | Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Vulnerabilities - Hardware remote Exploit | EDB ID: 36239 |
Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Vulnerabilities. remote exploit for Hardware platform
VAR-E-201110-0375 |
CVE-2012-1239 |
Toshiba e-Studio (Multiple Devices) - Security Bypass - Multiple remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201204-0222 | EDB ID: 36238 |
Toshiba e-Studio (Multiple Devices) - Security Bypass. CVE-2012-1239 CVE-81507. remote exploit for Multiple platform