VARIoT IoT exploits database


VAR-E-200601-0179 No CVE Cisco IP Phone 7940 Remote Denial of Service Vulnerability No EDB ID
Cisco IP Phone 7940 is prone to a remote denial of service vulnerability. Successful exploitation causes the phone to restart. Cisco is tracking this issue as Cisco bug ID CSCef33398.
VAR-E-200512-0373 No CVE Cisco Catalyst Switches (Multiple Devices) - LanD Packet Denial of Service - Hardware dos Exploit EDB ID: 26833
Cisco Catalyst Switches (Multiple Devices) - LanD Packet Denial of Service. dos exploit for Hardware platform
VAR-E-200512-0274 No CVE Apache James Spooler Memory Leak Denial Of Service Vulnerability No EDB ID
James is prone to a memory leak denial of service vulnerability. This issue occurs during an error condition in the spooler. An attacker can exploit this issue by creating multiple error conditions to eventually consume system resources. Successful exploitation will ultimately crash the application, denying service to legitimate users.
VAR-E-200511-0416 CVE-2005-3921
Cisco IOS HTTP Service HTML Injection Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200511-0152
No EDB ID
Cisco IOS HTTP service is prone to an HTML-injection vulnerability. An attacker can submit malicious HTML and script code through the '/level/15/exec/-/buffers/assigned' and '/level/15/exec/-/buffers/all' scripts. This code may run in the browser of an administrator when they attempt to view the contents of memory buffers through the vulnerable scripts of the HTTP service. IOS 11.0 through 12.4 are affected. IOS XR is not vulnerable. This issue is documented by Cisco Bug ID CSCsc64976. NOTE: Since this is an HTML-injection vulnerability that targets users of the IOS web interface, devices with the HTTP service disabled are not affected.
VAR-E-200511-0131 CVE-2005-3818
vTiger CRM 4.2 Leads Module - 'record' Cross-Site Scripting - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200511-0217
EDB ID: 26584
vTiger CRM 4.2 Leads Module - 'record' Cross-Site Scripting. CVE-2005-3818, CVE-21229. webapps exploit for PHP platform
VAR-E-200511-0130 CVE-2005-3818
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200511-0217
EDB ID: 26585
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting. CVE-2005-3818, CVE-21227. webapps exploit for PHP platform
VAR-E-200511-0129 CVE-2005-3819
vTiger CRM 4.2 - SQL Injection - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200511-0218
EDB ID: 26586
vTiger CRM 4.2 - SQL Injection. CVE-2005-3819, CVE-21225. webapps exploit for PHP platform
VAR-E-200511-0581 CVE-2005-3669
Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-200511-0015
No EDB ID
Various Cisco IOS, PIX Firewall, Firewall Services Module (FWSM), VPN 3000 Series Concentrator, and MDS Series SanOS releases are prone to denial of service attacks. These issues are due to security flaws in Cisco's IPSec implementation. The vulnerabilities may be triggered by malformed IKE traffic. Successful attacks will cause most affected devices to restart. For Cisco MDS Series devices, this is limited to causing the IKE process to restart.
VAR-E-200511-0244 CVE-2006-1039
SAP Web Application Server 6.x/7.0 - Input Validation - Multiple remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200603-0168
EDB ID: 27887
SAP Web Application Server 6.x/7.0 - Input Validation. CVE-2006-1039, CVE-23628. remote exploit for Multiple platform
VAR-E-200511-0203 CVE-2005-3635
SAP Web Application Server 6.x/7.0 - 'frameset.htm?sap-syscmd' Cross-Site Scripting - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200511-0079
EDB ID: 26487
SAP Web Application Server 6.x/7.0 - 'frameset.htm?sap-syscmd' Cross-Site Scripting. CVE-2005-3635, CVE-20716. webapps exploit for PHP platform
VAR-E-200511-0480 CVE-2005-3634
SAP Web Application Server 6.x/7.0 - Open Redirection - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200511-0078
EDB ID: 26488
SAP Web Application Server 6.x/7.0 - Open Redirection. CVE-2005-3634, CVE-35866. webapps exploit for PHP platform
VAR-E-200511-0202 CVE-2005-3636
SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200511-0080
EDB ID: 26486
SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting. CVE-2005-3636, CVE-20715. webapps exploit for PHP platform
VAR-E-200511-0476 No CVE Cisco Airespace WLAN Controller Unauthorized Network Access Vulnerability No EDB ID
Cisco Airespace WLAN (Wireless LAN) devices are prone to an issue that may permit unauthorized parties to access a secure network. This issue can occur when Cisco access points are configured to run in Lightweight Access Point Protocol (LWAPP) mode. This vulnerability may allow unauthorized parties to send unencrypted network packets to a secure network by spoofing the MAC address of another host that has already authenticated. This may bypass the security of the wireless network as it may permit unauthorized access by hosts that have not authenticated.
VAR-E-200509-0231 No CVE Linksys WRT54G Wireless Router Multiple Remote Vulnerabilities No EDB ID
Multiple vulnerabilities have been identified in Linksys WRT54G routers. These issues all require that an attacker have access to either the wireless or internal LAN network segments of the affected device. Exploitation from the WAN interface is only possible if the affected device has remote management enabled. These issues allow attackers to: - Download and replace the configuration of affected routers. - Execute arbitrary machine code in the context of the affected device. - Utilize HTTP POST requests to upload router configuration and firmware files without proper authentication. - Degrade the performance of affected devices and cause the Web server to become unresponsive, potentially denying service to legitimate users.
VAR-E-200509-0195 CVE-2005-2841
Cisco IOS 12.x - Firewall Authentication Proxy Buffer Overflow - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200509-0218
EDB ID: 26233
Cisco IOS 12.x - Firewall Authentication Proxy Buffer Overflow. CVE-2005-2841, CVE-19227. dos exploit for Hardware platform
VAR-E-200507-0340 CVE-2005-2451
Cisco IOS IPv6 Processing Arbitrary Code Execution Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200508-0320
No EDB ID
The IPv6 processing functionality of Cisco IOS is prone to a vulnerability that allows a remote attacker to execute arbitrary code. A successful attack may allow the attacker to execute arbitrary code and gain unauthorized access to the device. The attacker can also leverage this issue to cause an affected device to reload, denying service to legitimate users. This issue may be related to BID 12368 (Cisco IOS IPv6 Processing Remote Denial Of Service Vulnerability). Cisco has stated that exploits of this vulnerability in Cisco IOS XR may cause the IPv6 neighbor discovery process to restart. If exploited repeatedly, this could result in a prolonged denial of service affecting IPv6 traffic traveling through the device.
VAR-E-200507-0345 No CVE F5 BIG-IP Unspecified SSL Authentication Bypass Vulnerability No EDB ID
F5 BIG-IP is susceptible to an unspecified SSL authentication bypass vulnerability. It is conjectured that if the BIG-IP is configured to authenticate by utilizing certificate-based authentication, attackers may be able to bypass the requested authentication checks. This allows remote attackers to gain access to protected Web sites. Depending on the nature of the protected Web sites, various further attacks may also be possible. Further details are not currently available. This BID will be updated as more information is disclosed. Versions of BIG-IP from 9.0.2 through to 9.1 are affected.
VAR-E-200506-0356 CVE-2005-1205
CVE-2005-0488
Multiple Vendor Telnet Client Remote Information Disclosure Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200506-0234, VAR-200506-0133
No EDB ID
Telnet clients provided by multiple vendors are prone to a remote information-disclosure vulnerability. Attackers can retrieve any information stored in the environment of clients using the affected telnet application. The contents of the environment variables may be sensitive in nature, allowing attackers to gain information that may aid them in further attacks.
VAR-E-200505-0236 CVE-2005-0356
TCP TIMESTAMPS - Denial of Service - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0572
EDB ID: 1008
TCP TIMESTAMPS - Denial of Service. CVE-16685, CVE-2005-0356. dos exploit for Multiple platform
VAR-E-200505-0074 CVE-2005-1543
Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit) - Windows remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0878
EDB ID: 1150
Novell ZENworks 6.5 - Desktop/Server Management Remote Stack Overflow (Metasploit). CVE-16698, CVE-2005-1543. remote exploit for Windows platform