VARIoT IoT vulnerabilities database


VAR-201402-0578 No CVE NETGEAR D6300B /data/nvram Clear Text Management Password Storage Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The NETGEAR D6300B is a smart router device. The NETGEAR D6300B stores login passwords in /data/nvram in clear text, and remote attackers can exploit vulnerabilities to obtain sensitive information.
VAR-201402-0579 No CVE OpenVox VoxStack Wireless Gateway DDNS Password Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
OpenVox VoxStack is a family of Asterisk-based analog voice gateways designed for small and medium-sized businesses. The OpenVox VoxStack Wireless Gateway /cgi-bin/php/network-ddns.php script has security vulnerabilities that allow remote attackers to obtain sensitive information.
VAR-201402-0584 No CVE OpenVox VoxStack Wireless Gateway Clear Text SSH Password Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
OpenVox VoxStack is a series of Asterisk-based analog voice gateways designed for small and medium-sized businesses. The OpenVox VoxStack Wireless Gateway /cgi-bin/php/system-login.php script leaks sensitive information, and remote attackers can exploit the vulnerability to obtain SSH password information.
VAR-201402-0577 No CVE NETGEAR D6300B /diag.cgi IPAddr4 Parameter Remote Command Execution Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The NETGEAR D6300B is a smart router device. The NETGEAR D6300B /diag.cgi script failed to properly filter the 'IPAddr4' POST parameter data, allowing remote attackers to exploit the vulnerability to execute arbitrary system commands.
VAR-201402-0575 No CVE OpenVox VoxStack Unauthorized Access Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
OpenVox VoxStack is a family of Asterisk-based analog voice gateways designed for small and medium-sized businesses. The OpenVox VoxStack Wireless Gateway has a default 'admin' account with a password of 'admin' that allows an attacker to exploit the vulnerability to gain unauthorized access to the device.
VAR-201402-0571 No CVE NETGEAR D6300B special message remote root telnet access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The NETGEAR D6300B is a smart router device. The NETGEAR D6300B has a vulnerability in handling specially crafted messages that combine the 'Gearguy' username with the 'Geardog' password, allowing remote attackers to exploit the vulnerability without requiring authentication to gain root access to the device.
VAR-201404-0184 CVE-2014-1957 FortiGuard FortiWeb Vulnerability gained in CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. FortiGuard FortiWeb contains a privilege-related vulnerability. A user who has been remotely authenticated may be able to obtain permission. Fortinet FortiWeb is prone to multiple security vulnerabilities, including: 1. A cross-site scripting vulnerability 2. A security-bypass vulnerability 3. An HTTP header injection vulnerability. An attacker can exploit these issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, bypass security restrictions to obtain sensitive information, or insert arbitrary headers into an HTTP response, which may help them launch other attacks. Fortinet FortiWeb 5.0.2 and prior are vulnerable. Fortinet FortiGuard FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc. Sensitive database content. An elevation of privilege vulnerability exists in Fortinet FortiGuard FortiWeb 5.0.2 and earlier versions.
VAR-201404-0183 CVE-2014-1956 FortiGuard FortiWeb CRLF Injection Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Fortinet FortiWeb is prone to multiple security vulnerabilities, including: 1. A cross-site scripting vulnerability 2. A security-bypass vulnerability 3. Fortinet FortiWeb 5.0.2 and prior are vulnerable. Fortinet FortiGuard FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc. Sensitive database content. A CRLF injection vulnerability exists in Fortinet FortiGuard FortiWeb 5.0.2 and earlier versions.
VAR-201404-0182 CVE-2014-1955 FortiGuard FortiWeb Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Fortinet FortiWeb is prone to multiple security vulnerabilities, including: 1. A cross-site scripting vulnerability 2. A security-bypass vulnerability 3. An HTTP header injection vulnerability. An attacker can exploit these issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, bypass security restrictions to obtain sensitive information, or insert arbitrary headers into an HTTP response, which may help them launch other attacks. Fortinet FortiWeb 5.0.2 and prior are vulnerable. Fortinet FortiGuard FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc. Sensitive database content.
VAR-201402-0449 No CVE NetGear N300 DGN2200 Multiple Security Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
NetGear N300 DGN2200 is a wireless ADSL2+ modem router product from NetGear. The following security vulnerabilities exist in NetGear N300 DGN2200 running firmware version 1.0.0.36-7.0.37: 1. Local information disclosure vulnerability 2. Cross-site request forgery vulnerability 3. Arbitrary file access vulnerability 4. Remote command execution vulnerability 5. Unauthorized access vulnerability 6. Security bypass vulnerability. Attackers can use these vulnerabilities to bypass security restrictions, obtain sensitive information, perform unauthorized operations in the context of the logged-in user, gain access, or execute arbitrary commands in the context of the affected application.
VAR-201402-0519 No CVE ZyXEL Prestige 782R '/rom-0' RomPager Access Bypass Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ZyXEL Prestige 782R is a router product of ZyXEL Technology Corporation. An authentication bypass vulnerability exists in ZyXEL Prestige 782R. An attacker could use this vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks
VAR-201402-0203 CVE-2014-0725 Cisco Unified Communications Manager Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCum05337. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is the call processing component of Cisco's unified communications system. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A remote attacker could exploit this vulnerability to obtain sensitive information.
VAR-201402-0204 CVE-2014-0726 Cisco Unified Communications Manager IP Manager Assistant Interface SQL Injection Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. A successful exploit may allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCum05326. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is the call processing component of Cisco's unified communications system. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
VAR-201402-0572 No CVE Unknown security bypass vulnerability exists in FRITZ!Box products CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
FRITZ!Box is a residential gateway device from AVM GmbH. A number of FRITZ!Box products have a remote security bypass vulnerability that allows an attacker to bypass specific security restrictions and perform any unauthenticated operations. Multiple FRITZ!Box products are prone to a remote security-bypass vulnerability.
VAR-201402-0205 CVE-2014-0727 Cisco Unified Communications Manager CMIVR Interface SQL Injection Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. A successful exploit may allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCum05318. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is the call processing component of Cisco's unified communications system. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
VAR-201402-0392 CVE-2014-1253 Apple Boot Camp AppleMNT.sys Denial of Service (DoS) Vulnerability CVSS V2: 4.7
CVSS V3: -
Severity: MEDIUM
AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file. Apple Boot Camp is prone to a memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. Due to the nature of the issue, code execution may be possible; however, it has not been confirmed. This issue is fixed in Boot Camp 5.1. Apple Boot Camp is a set of system plug-ins from Apple that lets a Mac run the Windows operating system. The plug-in is built into the Mac OS X system. A security vulnerability exists in the AppleMNT.sys file in Apple Boot Camp version 5.0. The issue was addressed through improved bounds checking. CVE-ID CVE-2014-1253 : MJ0011 of 360 Security Center. Boot Camp 5.1 may be obtained via Apple Software Update or from: http://support.apple.com/downloads/ Depending on your Mac model, the download file name is one of the following two: The download file name: BootCamp5.1.5621.zip Its SHA-1 digest: 72c71be259474836c17ddd400aca2218660b8aac The download file name: BootCamp5.1.5640.zip Its SHA-1 digest: 2998a7881509a87b22abc6764379c0a33b6ced3a Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201402-0089 CVE-2013-2829 MatrikonOPC SCADA DNP3 OPC Server Denial of Service (DoS) Vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed DNP3 packet. MatrikonOPC is the world's largest OPC developer and supplier. The vulnerability allows an attacker to launch a denial-of-service attack. Successful exploits may allow an attacker to cause denial-of-service conditions. DNP3 OPC Server versions prior to 1.2.2.0 are vulnerable.
VAR-201402-0489 No CVE Barracuda Load Balancer '/cgi-mod/index.cgi' arbitrary command execution vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Barracuda Networks Load Balancer is an application delivery controller from Barracuda Networks. The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support. A remote command injection vulnerability exists in Barracuda Load Balancer. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected application. Barracuda Load Balancer 340 version 4.2.2.007 is vulnerable; other versions may also be affected.
VAR-201402-0200 CVE-2014-0722 Cisco Unified Communications Manager log4jinit Web Application Denial of Service (DoS) Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. Cisco Unified Communications Manager is prone to an unauthorized access vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application. This may aid in generating activity within the application resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCum05347. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
VAR-201402-0201 CVE-2014-0723 Cisco Unified Communications Manager IP Manager Assistant Interface Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCum05343. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is the call processing component of Cisco's unified communications system. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.