VARIoT IoT exploits database

VAR-E-200102-0016 CVE-2001-0144
SSH 1.2.x - CRC-32 Compensation Attack Detector - Unix remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200103-0055
EDB ID: 20617
SSH 1.2.x - CRC-32 Compensation Attack Detector. CVE-2001-0144 CVE-795. Remote exploit for Unix platform
VAR-E-200102-0124 No CVE
PKCS #1 Version 1.5 Session Key Retrieval Vulnerability
No EDB ID
The data encryption techniques described in RSA's PKCS #1 standard are used in many protocols which rely, at least in part, on the security provided by public-key cryptography systems. Several protocols which implement the digital enveloping method described in version 1.5 of the PKCS #1 standard are susceptible to an adaptive ciphertext attack which may allow the recovery of session keys, thus compromising the integrity of the data transmitted during that session. By capturing and logging the packets transmitted between a client and a server, an opponent could make use of a captured encrypted session key to launch a Bleichenbacher attack together with a simple timing attack. If the session key is successfully decrypted, the saved packets can easily be decrypted in a uniform manner. Interactive key establishment protocols, such as SSH or SSL, are generally significantly more susceptible to successful attacks.
VAR-E-200012-0073 CVE-2001-0080
Cisco Catalyst 4000/5000/6000 6.1 - SSH Protocol Mismatch Denial of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200102-0052
EDB ID: 20509
Cisco Catalyst 4000/5000/6000 6.1 - SSH Protocol Mismatch Denial of Service. CVE-2001-0080 CVE-7183. DoS exploit for Hardware platform
VAR-E-200012-0075 CVE-2001-0041
Cisco Catalyst 4000 4.x/5.x / Catalyst 5000 4.5/5.x / Catalyst 6000 5.x - Memory Leak Denial of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200102-0077
EDB ID: 20473
Cisco Catalyst 4000 4.x/5.x / Catalyst 5000 4.5/5.x / Catalyst 6000 5.x - Memory Leak Denial of Service. CVE-2001-0041 CVE-801. DoS exploit for Hardware platform
VAR-E-200005-0121 CVE-2000-0345
Cisco Router Online Help Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200005-0033
No EDB ID
Under certain revisions of IOS, multiple Cisco routers have an information leakage vulnerability in their online help systems. In essence, this vulnerability allows users who currently have access to the router at a low level of privilege (users without access to the 'enable' password) to use the help system to view information which in theory should only be available to an 'enabled' user. This information comprises access lists, among other things. The help system itself does not list these items as being available via the 'show' commands, yet it will nonetheless execute them. The message which detailed this vulnerability to the Bugtraq mailing list is attached in the 'Credit' section of this vulnerability entry. It is suggested that you read it if this vulnerability affects your infrastructure.
VAR-E-200004-0041 CVE-2000-0380
Cisco IOS 11.x/12.x - HTTP %% - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200004-0061
EDB ID: 19882
Cisco IOS 11.x/12.x - HTTP %%. CVE-2000-0380 CVE-1302. Remote exploit for Hardware platform
VAR-E-200004-0047 No CVE
Cisco Catalyst Enable Password Bypass Vulnerability
No EDB ID
Under certain versions of the Cisco Catalyst, a user who already has access to the device can elevate their current access to 'enable' mode without a password. Once 'enable' mode is obtained, the user can access the configuration mode and commit unauthorized configuration changes on a Catalyst switch. This can be done either from the console itself or via a remote Telnet session.
VAR-E-200002-0024 No CVE
Ascom COLTSOHO / Brocade Fabric OS / MatchBox / Win98/NT4 / Solaris / Xyplex - SNMP World Writeable Community - Multiple remote Exploit
EDB ID: 19751
Ascom COLTSOHO / Brocade Fabric OS / MatchBox / Win98/NT4 / Solaris / Xyplex - SNMP World Writeable Community. CVE-92015 CVE-92014 CVE-92013 CVE-92012 CVE-92011 CVE-92010. Remote exploit for Multiple platform
VAR-E-199909-0099 CVE-1999-0236
NCSA 1.3/1.4.x/1.5 / Apache HTTPd 0.8.11/0.8.14 - ScriptAlias Source Retrieval - Multiple remote Exploit
EDB ID: 20595
NCSA 1.3/1.4.x/1.5 / Apache HTTPd 0.8.11/0.8.14 - ScriptAlias Source Retrieval. CVE-1999-0236 CVE-1745. Remote exploit for Multiple platform
VAR-E-199808-0006 No CVE
Cisco IOS Remote Router Crash
No EDB ID
Cisco IOS software is reported prone to a remote denial of service vulnerability. This may allow an attacker to cause a vulnerable device to crash or hang. It is reported that this issue may cause damage to an internal data structure, which could lead to other problems as well. An attacker does not require authentication credentials to exploit this issue, as access to the login prompt of a device is sufficient to trigger it.
VAR-E-199711-0003 CVE-1999-0016
CVE-2005-0688
CVE-2005-1649
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3) - Windows dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0723, VAR-200503-0010, VAR-199712-0007
EDB ID: 20812
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (3). CVE-1999-0016 CVE-14789. DoS exploit for Windows platform
VAR-E-199711-0001 CVE-1999-0016
CVE-2005-0688
CVE-2005-1649
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2) - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0723, VAR-200503-0010, VAR-199712-0007
EDB ID: 20811
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (2). CVE-1999-0016 CVE-14789. DoS exploit for Multiple platform
VAR-E-199711-0002 CVE-1999-0016
CVE-2005-0688
CVE-2005-1649
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1) - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0723, VAR-200503-0010, VAR-199712-0007
EDB ID: 20810
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (1). CVE-1999-0016 CVE-14789. DoS exploit for Multiple platform
VAR-E-199711-0005 CVE-1999-0016
CVE-2005-0688
CVE-2005-1649
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4) - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0723, VAR-200503-0010, VAR-199712-0007
EDB ID: 20813
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (4). CVE-1999-0016 CVE-14789. DoS exploit for Multiple platform
VAR-E-199711-0004 CVE-1999-0016
CVE-2005-0688
CVE-2005-1649
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5) - Windows dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0723, VAR-200503-0010, VAR-199712-0007
EDB ID: 20814
FreeBSD 2.x / HP-UX 9/10/11 / Kernel 2.0.3 / Windows NT 4.0/Server 2003 / NetBSD 1 - 'land.c' loopback Denial of Service (5). CVE-1999-0016 CVE-14789. DoS exploit for Windows platform
VAR-E-199604-0004 CVE-1999-0045
Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi - Multiple dos Exploit
EDB ID: 19536
Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi. CVE-1999-0045 CVE-128. DoS exploit for Multiple platform
VAR-E-199604-0003 CVE-1999-0070
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing - CGI remote Exploit
EDB ID: 20435
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing. CVE-1999-0070 CVE-55371. Remote exploit for CGI platform