VARIoT IoT exploits database

VAR-E-200505-0073 CVE-2005-1543
Novell ZENworks 6.5 - Desktop/Server Management Overflow (Metasploit) - Windows remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0878
EDB ID: 16815
Novell ZENworks 6.5 - Desktop/Server Management Overflow (Metasploit). CVE-2005-1543, CVE-16698. Remote exploit for Windows platform.
VAR-E-200504-0269 CVE-2005-1280
Ethereal 0.10.10 / tcpdump 3.9.1 - 'rsvp_print' Infinite Loop Denial of Service - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-1240
EDB ID: 956
Ethereal 0.10.10 / tcpdump 3.9.1 - 'rsvp_print' Infinite Loop Denial of Service. CVE-15904, CVE-2005-1280. DoS exploit for Multiple platform.
VAR-E-200504-0243 CVE-2005-1228
GNU GZip Filename Directory Traversal Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200504-0292
No EDB ID
The gzip utility is prone to a directory-traversal vulnerability. The issue occurs when gunzip is invoked on a malicious archive using the '-N' option. An archive containing an absolute path for a filename that contains '/' characters can cause the file to be written using the absolute path contained in the filename. A remote attacker may leverage this issue using a malicious archive to corrupt arbitrary files with the privileges of the user that is running the vulnerable software.
VAR-E-200504-0005 CVE-2004-1060, CVE-2004-0790, CVE-2004-0791, CVE-2005-0065, CVE-2005-0066, CVE-2005-0068, CVE-2005-0067
Multiple Vendor ICMP Implementation - Malformed Path MTU Denial of Service - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0928, VAR-200504-0003, VAR-200504-0002, VAR-200412-1124, VAR-200412-1123, VAR-200412-1122, VAR-200404-0081
EDB ID: 25388
Multiple Vendor ICMP Implementation - Malformed Path MTU Denial of Service. CVE-2004-1060, CVE-15619. DoS exploit for Multiple platform.
VAR-E-200504-0002 CVE-2004-0790, CVE-2004-0791, CVE-2004-1060, CVE-2005-0065, CVE-2005-0066, CVE-2005-0068, CVE-2005-0067
Multiple Vendor ICMP Message Handling - Denial of Service - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0928, VAR-200504-0003, VAR-200504-0002, VAR-200412-1124, VAR-200412-1123, VAR-200412-1122, VAR-200404-0081
EDB ID: 25389
Multiple Vendor ICMP Message Handling - Denial of Service. CVE-2004-0790, CVE-15457. DoS exploit for Multiple platform.
VAR-E-200504-0006 CVE-2004-0791, CVE-2004-0790, CVE-2004-1060, CVE-2005-0065, CVE-2005-0066, CVE-2005-0068, CVE-2005-0067
Multiple Vendor ICMP Implementation - Spoofed Source Quench Packet Denial of Service - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0928, VAR-200504-0003, VAR-200504-0002, VAR-200412-1124, VAR-200412-1123, VAR-200412-1122, VAR-200404-0081
EDB ID: 25387
Multiple Vendor ICMP Implementation - Spoofed Source Quench Packet Denial of Service. CVE-2004-0791, CVE-15618. DoS exploit for Multiple platform.
VAR-E-200504-0453 CVE-2005-1057
Cisco IOS Easy VPN Server XAUTH Authentication Bypass Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200505-0997
No EDB ID
Cisco IOS Easy VPN Server is reported prone to an authentication bypass vulnerability. This issue can allow remote attackers to bypass Extended Authentication (XAUTH) and gain unauthorized access to resources. An unauthorized attacker may send certain malformed UDP packets to UDP port 500 to complete XAUTH authentication and gain unauthorized access to network resources.
VAR-E-200504-0253 CVE-2005-1058
Cisco IOS Unauthorized Security Association Establishment Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200505-0998
No EDB ID
Cisco IOS is prone to an issue related to XAUTH and ISAKMP profiles that may allow a malicious VPN client to gain unauthorized access to a VPN. The vulnerability occurs in a case where attributes in an ISAKMP profile that have been assigned to a remote peer are not processed. This presents a window of opportunity for the remote client to initiate Phase 2 IKE negotiation and cause an unauthorized IPSec SA (Security Association) to be established. It is noted that the vulnerability only affects those ISAKMP profiles that are matched by pre-configured certificate maps.
VAR-E-200503-0133 CVE-2005-0943
Cisco VPN 3000 Concentrator Remote Denial of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200503-0138
No EDB ID
Cisco VPN 3000 Concentrator products are reported prone to a remote denial of service vulnerability. A remote unauthenticated attacker may trigger this vulnerability to cause an affected device to reload or drop connections. Specifically, an attacker can target the HTTPS service running on a vulnerable device to trigger this vulnerability. Cisco VPN 3000 Concentrator products running software version 4.1.7.A and prior are affected by this issue.
VAR-E-200503-0240 CVE-2005-0468
Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow - Linux dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0162
EDB ID: 25303
Multiple Vendor Telnet Client - Env_opt_add Heap Buffer Overflow. CVE-2005-0468, CVE-15093. DoS exploit for Linux platform.
VAR-E-200503-0001 CVE-2005-0688, CVE-2005-1649
Microsoft Windows XP/2003 - Remote Denial of Service - Windows dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200505-0723, VAR-200503-0010
EDB ID: 861
Microsoft Windows XP/2003 - Remote Denial of Service. CVE-14578, CVE-2005-1649, CVE-2005-0688. DoS exploit for Windows platform.
VAR-E-200502-0248 CVE-2005-0490
cURL / libcURL Kerberos Authentication Buffer Overflow Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200505-0198
No EDB ID
It has been reported that cURL and libcURL are vulnerable to a remotely exploitable stack-based buffer overflow vulnerability. The cURL and libcURL Kerberos authentication code fails to ensure that a buffer overflow cannot occur when server response data is decoded. The overflow occurs in the stack region, and remote code execution is possible if the saved instruction pointer is overwritten with a pointer to embedded instructions.
VAR-E-200501-0112 CVE-2005-0195
Cisco IOS IPv6 Processing Remote Denial Of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200505-1154
No EDB ID
A remote denial of service vulnerability affects the IPv6 processing functionality of Cisco IOS. This issue is due to a failure of the affected operating system to properly handle specially crafted network data. It is possible for an attacker to produce a sustained denial of service condition against an affected device by continually sending the malicious network data. An attacker may leverage this issue to cause an affected device to reload, denying service to legitimate users.
VAR-E-200501-0306 CVE-2005-0196
Cisco IOS Border Gateway Protocol Processing Remote Denial Of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200505-1148
No EDB ID
A remote denial of service vulnerability affects the Border Gateway Protocol (BGP) processing functionality of Cisco IOS. This issue is due to a failure of the application to handle malformed network data. An attacker may leverage this issue to trigger a denial of service condition in the affected device. A persistent denial of service attack can be triggered as well.
VAR-E-200501-0178 CVE-2005-0197
Cisco IOS Multi Protocol Label Switching Remote Denial Of Service Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-200505-1149
No EDB ID
Cisco IOS-based routers that are configured with support for Multi Protocol Label Switching (MPLS) are reported prone to a remote denial of service vulnerability. It is reported that the vulnerability presents itself when an affected router handles an unspecified malicious packet on an MPLS-disabled interface. A remote attacker that resides on the same network segment as the vulnerable router may exploit this vulnerability continuously to effectively deny network-based services to legitimate users.
VAR-E-200501-0251 No CVE
Cisco IOS Skinny Call Control Protocol Handler Remote Denial Of Service Vulnerability

No EDB ID
Cisco IOS when configured for Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME), or Survivable Remote Site Telephony (SRST) services is reported prone to a remote denial of service vulnerability. The issue is reported to exist in the Skinny Call Control Protocol (SCCP) handler. A remote attacker may exploit this vulnerability continuously to effectively deny network-based services to legitimate users.
VAR-E-200412-0151 CVE-2004-2761
MD5 - Message Digest Algorithm Hash Collision - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200901-0466
EDB ID: 24807
MD5 - Message Digest Algorithm Hash Collision. CVE-2004-2761, CVE-45127. DoS exploit for Multiple platform.
VAR-E-200411-0103 CVE-2004-1540
ZYXEL 3 Prestige Router - HTTP Remote Administration Configuration Reset - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200412-0994
EDB ID: 24760
ZYXEL 3 Prestige Router - HTTP Remote Administration Configuration Reset. CVE-2004-1540, CVE-12108. Remote exploit for Hardware platform.
VAR-E-200411-0242 No CVE
3Com OfficeConnect ADSL Wireless 11g Firewall Router Remote Denial Of Service Vulnerability

No EDB ID
A remote denial of service vulnerability affects the 3Com OfficeConnect ADSL Wireless 11g Firewall Router. This issue is due to a failure of the application to handle anomalous network traffic. An attacker may leverage this issue to cause the affected router to crash, denying service to legitimate users.
VAR-E-200411-0206 No CVE
Allied Telesyn TFTP Daemon Multiple Remote Vulnerabilities

No EDB ID
The Allied Telesyn TFTP service is reported to be prone to multiple vulnerabilities. The following specific issues are reported:
1. Allied Telesyn TFTP Server is reported susceptible to a directory-traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data. This vulnerability allows remote attackers to retrieve or overwrite the contents of arbitrary potentially sensitive files located on the serving appliance with the privileges of the TFTP server process.
2. Allied Telesyn TFTP Server is reported prone to a remote buffer-overflow vulnerability. This vulnerability may be exploited by a remote attacker to crash the affected service.
NOTE (November 17, 2010): This vendor may now be known as Allied Telesis.