VARIoT IoT exploits database

VAR-E-200712-0197 |
CVE-2007-6730 CVE-2007-6729 |
ZYXEL P-330W - Multiple Vulnerabilities - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200909-0002, VAR-200909-0001 | EDB ID: 30935 |
ZYXEL P-330W - Multiple Vulnerabilities. remote exploit for Hardware platform
VAR-E-200712-0533 |
CVE-2007-6334 |
Ingres Flawed In User Authentication Unauthorized Access Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-200712-0115 | No EDB ID |
Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication.
Attackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible.
This issue affects Ingres 2.5 and 2.6 when running on Windows.
NOTE: This issue does not affect the Ingres .NET data provider.
VAR-E-200712-0430 |
CVE-2007-5584 |
Cisco Application Inspection in Firewall Services Module Denial Of Service Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-200712-0413 | No EDB ID |
Cisco Firewall Services Module (FWSM) is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted network packets.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. Repeated attacks will result in a prolonged denial-of-service condition.
VAR-E-200712-0432 | No CVE | SAP MaxDB Unspecified Remote Execution Vulnerability | No EDB ID |
SAP MaxDB is prone to an unspecified remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will crash the application.
This issue affects MaxDB 7.6.00.37 and 7.4.3.32; other versions may also be affected.
VAR-E-200712-0538 | No CVE | Rejetto HTTP File Server (HFS) 2.2/2.3 - Arbitrary File Upload - Multiple remote Exploit | EDB ID: 30850 |
Rejetto HTTP File Server (HFS) 2.2/2.3 - Arbitrary File Upload. remote exploit for Multiple platform
VAR-E-200712-0306 |
CVE-2007-5583 |
Cisco Phone 7940 - Remote Denial of Service - Hardware dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200712-0412 | EDB ID: 4692 |
Cisco Phone 7940 - Remote Denial of Service. CVE-40189, CVE-2007-5583. dos exploit for Hardware platform
VAR-E-200711-0281 |
CVE-2007-6203 |
Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting - Unix remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200711-0538 | EDB ID: 30835 |
Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting. CVE-2007-6203, CVE-39003. remote exploit for Unix platform
VAR-E-200711-0386 |
CVE-2007-6033 |
Invensys Wonderware InTouch Default Universal NetDDE Share Privilege Escalation Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-200711-0210 | No EDB ID |
Invensys Wonderware InTouch is prone to a privilege-escalation vulnerability because of poor default permissions on a NetDDE share.
Attackers can exploit this issue to execute arbitrary applications that accept NetDDE connections. This can compromise the application and possibly the underlying computer.
InTouch 8.0 is vulnerable.
VAR-E-200711-0135 |
CVE-2007-6028 |
ComponentOne FlexGrid 7.1 - ActiveX Control Multiple Buffer Overflow Vulnerabilities - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200711-0205 | EDB ID: 30772 |
ComponentOne FlexGrid 7.1 - ActiveX Control Multiple Buffer Overflow Vulnerabilities. CVE-2007-6028, CVE-41939. remote exploit for Windows platform
VAR-E-200711-0136 |
CVE-2007-6028 |
SAP GUI VSFlexGrid.VSFlexGridL sp 14 - Remote Buffer Overflow - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200711-0205 | EDB ID: 10054 |
SAP GUI VSFlexGrid.VSFlexGridL sp 14 - Remote Buffer Overflow. remote exploit for Windows platform
VAR-E-200711-0034 |
CVE-2007-5603 |
SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200711-0278 | EDB ID: 4594 |
SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Command Execution. CVE-39069, CVE-2007-5603. remote exploit for Windows platform
VAR-E-200711-0035 |
CVE-2007-5815 CVE-2007-5603 CVE-2007-5814 |
SonicWALL SSL VPN 1.3 3 WebCacheCleaner - ActiveX FileDelete Method Traversal Arbitrary File Deletion - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200711-0278, VAR-200711-0040, VAR-200711-0039 | EDB ID: 30730 |
SonicWALL SSL VPN 1.3 3 WebCacheCleaner - ActiveX FileDelete Method Traversal Arbitrary File Deletion. CVE-2007-5815, CVE-45534. remote exploit for Windows platform
VAR-E-200710-0640 | No CVE | Cisco IOS Multiple Unspecified Stack Overflow Vulnerabilities | No EDB ID |
Cisco IOS is prone to multiple unspecified stack-overflow vulnerabilities.
A successful attack may allow the attacker to execute arbitrary code and gain unauthorized access to the device. The attacker can also leverage this issue to cause an affected device to reload, denying service to legitimate users.
The researchers responsible for these discoveries have stated that there are numerous other IOS security issues that will be released in the near future.
NOTE: Judging by the limited information in the security advisory that induced this alert, we assume that all of Cisco IOS 12.x and IOS XR versions are affected by these issues. We cannot verify this at this time. We will update this information when more details emerge.
VAR-E-200710-0265 |
CVE-2007-5381 |
Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200710-0016 | EDB ID: 30652 |
Cisco IOS 12.3 - 'LPD' Remote Buffer Overflow. CVE-2007-5381, CVE-37935. remote exploit for Hardware platform
VAR-E-200710-0094 |
CVE-2007-6003 CVE-2007-5385 CVE-2007-5383 CVE-2007-5384 |
Thomson SpeedTouch 716 - 'URL' Cross-Site Scripting - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200711-0147, VAR-200710-0018, VAR-200710-0019, VAR-200710-0020 | EDB ID: 30882 |
Thomson SpeedTouch 716 - 'URL' Cross-Site Scripting. CVE-2007-6003, CVE-38711. remote exploit for Hardware platform
VAR-E-200709-0584 |
CVE-2007-5134 |
Cisco Catalyst 6500 and Cisco 7600 Loopback Access Control Bypass Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-200709-0062 | No EDB ID |
Cisco Catalyst 6500 and Cisco 7600 devices are prone to a vulnerability that may allow attackers to bypass access control lists (ACL).
Attackers may leverage this issue to access a device from an unauthorized remote location; this may aid in further attacks.
VAR-E-200708-0487 |
CVE-2007-3847 |
Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-200708-0612 | No EDB ID |
The Apache mod_proxy module is prone to a denial-of-service vulnerability.
A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM).
VAR-E-200708-0245 |
CVE-2007-4459 |
Cisco IP Phone 7940 - 10 SIP Messages Remote Denial of Service - Hardware dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200708-0411 | EDB ID: 4298 |
Cisco IP Phone 7940 - 10 SIP Messages Remote Denial of Service. CVE-2007-4459. dos exploit for Hardware platform
VAR-E-200708-0246 |
CVE-2007-4459 |
Cisco IP Phone 7940 - 3 SIP Messages Remote Denial of Service - Hardware dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200708-0411 | EDB ID: 4297 |
Cisco IP Phone 7940 - 3 SIP Messages Remote Denial of Service. CVE-2007-4459. dos exploit for Hardware platform
VAR-E-200708-0427 |
CVE-2007-4430 |
Cisco IOS 12.3 - Show IP BGP Regexp Remote Denial of Service - Hardware dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200708-0316 | EDB ID: 30506 |
Cisco IOS 12.3 - Show IP BGP Regexp Remote Denial of Service. CVE-2007-4430, CVE-37104. dos exploit for Hardware platform