VARIoT IoT exploits database
| VAR-E-201109-0578 |
CVE-2011-3489 |
Rockwell RSLogix 19 - Denial of Service - Windows dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201109-0182 | EDB ID: 17843 |
Rockwell RSLogix 19 - Denial of Service. CVE-2011-3489CVE-75569 . dos exploit for Windows platform
| VAR-E-201109-0336 |
CVE-2011-3491 CVE-2011-3499 CVE-2011-3498 |
progea movicon / powerhmi 11.2.1085 - Multiple Vulnerabilities - Windows dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201109-0170, VAR-201109-0171, VAR-201109-0184 | EDB ID: 17842 |
progea movicon / powerhmi 11.2.1085 - Multiple Vulnerabilities. CVE-2011-3499CVE-2011-3498CVE-2011-3491CVE-75494CVE-75493CVE-75492CVE-75491 . dos exploit for Windows platform
| VAR-E-201109-0095 |
CVE-2011-4535 |
ScadaTEC ModbusTagServer & ScadaPhone - '.zip' Local Buffer Overflow - Windows local Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201204-0010 | EDB ID: 17817 |
ScadaTEC ModbusTagServer & ScadaPhone - '.zip' Local Buffer Overflow. CVE-75375CVE-2011-4535 . local exploit for Windows platform
| VAR-E-201109-0096 |
CVE-2011-4535 |
ScadaTEC ScadaPhone 5.3.11.1230 - Local Stack Buffer Overflow (Metasploit) - Windows local Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201204-0010 | EDB ID: 17833 |
ScadaTEC ScadaPhone 5.3.11.1230 - Local Stack Buffer Overflow (Metasploit). CVE-75375CVE-2011-4535 . local exploit for Windows platform
| VAR-E-201109-0094 |
CVE-2011-3322 |
Procyon Core Server HMI 1.13 - 'Coreservice.exe' Remote Stack Buffer Overflow (Metasploit) - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201109-0224 | EDB ID: 17827 |
Procyon Core Server HMI 1.13 - 'Coreservice.exe' Remote Stack Buffer Overflow (Metasploit). CVE-2011-3322CVE-75371 . remote exploit for Windows platform
| VAR-E-201109-0229 | No CVE | TPLINK TD-8810 Cross Site Request Forgery | No EDB ID |
TPLINK TD-8810 cross site request forgery exploit that performs a reboot of the modem.
| VAR-E-201109-0165 | No CVE | BroadWin WebAccess Client 'bwocxrun.ocx ' Multiple Remote Vulnerabilities | No EDB ID |
BroadWin WebAccess Client is prone to multiple remote vulnerabilities, including:
1. A format-string vulnerability
2. Multiple memory corruption vulnerabilities
Attackers could exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
BroadWin WebAccess Client 7.0 is vulnerable; other verisons may also bea ffected.
| VAR-E-201109-0616 | No CVE | Wibu-Systems CodeMeter License Server Directory Traversal Vulnerability | No EDB ID |
Wibu-Systems CodeMeter is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to download arbitrary files with certain extensions from outside the server root directory. This may aid in further attacks.
CodeMeter 4.30c is affected; other versions may also be vulnerable.
| VAR-E-201109-0167 | No CVE | ICONICS IcoSetServer ActiveX Control Trusted Zone Vulnerability | No EDB ID |
ICONICS IcoSetServer ActiveX control is prone to a vulnerability that can allow an attacker to insert an arbitrary domain into the Trusted Zone.
A successful exploit will result in the addition of an arbitrary attacker-supplied domain into the Trusted Zone of the browser. This may potentially allow for the execution of arbitrary code.
| VAR-E-201109-0367 |
CVE-2011-0342 |
InduSoft ISSymbol ActiveX Control 'ISSymbol.ocx' Multiple Buffer Overflow Vulnerabilities
Related entries in the VARIoT vulnerabilities database: VAR-201109-0060 | No EDB ID |
The InduSoft ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities.
Attackers could exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-E-201109-0767 | No CVE | Multiple Vendors IPv6 Router Advertisement Guard Evasion Security Bypass Vulnerability | No EDB ID |
Multiple vendors products are prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass the security mechanisms built into an affected device. This may aid in further attacks.
| VAR-E-201108-0204 |
CVE-2011-2543 CVE-2011-2577 CVE-2011-2544 |
Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201109-0074, VAR-201109-0075, VAR-201108-0095 | EDB ID: 17871 |
Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities. CVE-2011-2577CVE-75663CVE-2011-2544CVE-2011-2543CVE-75662CVE-74901 . webapps exploit for Hardware platform
| VAR-E-201108-0031 | No CVE | ClearSCADA - Remote Authentication Bypass - Windows remote Exploit | EDB ID: 35924 |
ClearSCADA - Remote Authentication Bypass. CVE-75022 . remote exploit for Windows platform
| VAR-E-201108-0400 |
CVE-2011-2763 CVE-2011-2762 |
LifeSize Room - Command Injection (Metasploit) - PHP webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201109-0092, VAR-201109-0091 | EDB ID: 17743 |
LifeSize Room - Command Injection (Metasploit). CVE-2011-2763CVE-75212 . webapps exploit for PHP platform
| VAR-E-201108-0401 |
CVE-2011-2763 CVE-2011-2762 |
LifeSize Room Command Injection
Related entries in the VARIoT vulnerabilities database: VAR-201109-0092, VAR-201109-0091 | EDB ID: 18068 |
| VAR-E-201112-0005 |
CVE-2011-4885 CVE-2011-3192 CVE-2011-3368 |
PHP 5.3.8 - Hashtables Denial of Service - PHP dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201108-0132 | EDB ID: 18296 |
PHP 5.3.8 - Hashtables Denial of Service. CVE-2011-4885CVE-78115 . dos exploit for PHP platform
| VAR-E-201108-0002 |
CVE-2014-5329 CVE-2011-3192 CVE-2013-2465 CVE-2012-0507 CVE-2011-4885 CVE-2011-5035 |
Apache - Remote Memory Exhaustion (Denial of Service) - Multiple dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201112-0123, VAR-201306-0242, VAR-201108-0132 | EDB ID: 17696 |
Apache - Remote Memory Exhaustion (Denial of Service). CVE-2014-5329CVE-74721CVE-2011-3192 . dos exploit for Multiple platform
| VAR-E-201108-0016 | No CVE | Multiple Sagem F@st Routers Authentication Bypass Vulnerability | No EDB ID |
Multiple Sagem F@st Routers are prone to a remote authentication-bypass vulnerability.
Successful exploits allow remote authenticated attackers to obtain other users' passwords and gain access to the vulnerable device. This will completely compromise an affected device.
The following routers are affected:
Sagem F@st 3304
Sagem F@st 3464
Sagem F@st 3504
| VAR-E-201108-0307 | No CVE | CiscoKits 1.0 - TFTP Server 'Write Command' Denial of Service - Windows dos Exploit | EDB ID: 17618 |
CiscoKits 1.0 - TFTP Server 'Write Command' Denial of Service.. dos exploit for Windows platform
| VAR-E-201108-0439 | No CVE | CiscoKits CCNA TFTP 'Read' Command Directory Traversal Vulnerability | No EDB ID |
CiscoKits CCNA TFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
CiscoKits CCNA TFTP Server 1.0 is vulnerable; other versions may also be affected.