VARIoT IoT exploits database

Fortigate Firewall 2.x - selector Admin Interface Cross-Site Scripting. CVE-3296 . remote exploit for Hardware platform

Fortigate Firewall 2.x - listdel Admin Interface Cross-Site Scripting. CVE-3295 . remote exploit for Hardware platform

Fortigate Firewall 2.x - dlg Admin Interface Cross-Site Scripting. CVE-3289 . remote exploit for Hardware platform

Fortigate Firewall 2.x - Policy Admin Interface Cross-Site Scripting. CVE-3294 . remote exploit for Hardware platform

Novell has reported that the PMAP.NLM component of NetWare/ZenWorks is prone to a buffer overrun vulnerability. This condition could potentially be exploited to cause a denial of service or execute arbitrary code in the context of the software.

A buffer-mismanagement vulnerability has been reported in OpenSSH. This issue resides in the 'buffer.c' source file and may potentially be exploited to execute arbitrary code with the privileges of OpenSSH, but this has not been confirmed. The issue may cause a denial of service. This condition can reportedly be triggered by an overly large packet. There are also unconfirmed rumors of an exploit for this vulnerability circulating in the wild. OpenSSH has revised their advisory, pointing out a similar issue in the 'channels.c' source file and an additional issue in 'buffer.c'. Solar Designer has also reportedly pointed out additional instances of the problem that may also present vulnerabilities.

D-Link DI-704P - Long URL Denial of Service.. dos exploit for Hardware platform

Cisco IOS 10/11/12 - UDP Echo Service Memory Disclosure. CVE-2352 . dos exploit for Hardware platform

The HTTP server on Cisco IOS devices is prone to a buffer overrun that can be triggered by sending 2GB of data. This may be exploited to execute arbitrary code on a vulnerable device.

Cisco IOS - using hping Remote Denial of Service. CVE-2325CVE-2003-0567 . dos exploit for Hardware platform

Cisco IOS - 'cisco-bug-44020.c' IPv4 Packet Denial of Service. CVE-2325CVE-2003-0567 . dos exploit for Hardware platform

Cisco IOS - IPv4 Packets Denial of Service. CVE-2325CVE-2003-0567 . dos exploit for Hardware platform

A problem with Cisco Catalyst switches has been reported in the handling of non-standard TCP packets. Because of this, an attacker may be able to deny legitimate user access to the switch.

D-Link DI-704P - Syslog.HTM Denial of Service.. dos exploit for Hardware platform

It has been reported that Cisco IOS is vulnerable to an issue in handling Service Assurance Agent (previously called Response Time Reporter, or RTR) packets. Because of this, a remote user may be able to cause the router to become unstable and crash.

Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service. CVE-55304 . dos exploit for Hardware platform

A problem with OpenSSL may leak sensitive information. A user could abuse the response of vulnerable servers to act as an oracle. By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server.

A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation. Through this attack, it may be possible for a malicious client to discover the RSA private key of a server using the vulnerable software.

MySQL 3.23.x - 'mysqld' Local Privilege Escalation. CVE-2003-0150CVE-9909 . local exploit for Linux platform

Sendmail 8.12.x - Header Processing Buffer Overflow (2). CVE-2002-1337CVE-4502 . remote exploit for Unix platform