VARIoT IoT vulnerabilities database

VAR-200112-0132 | CVE-2001-1186 | Microsoft IIS Handling forged "Content-Length" Failure causes a denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.
If an IIS 5.0 web server is sent a crafted HTTP GET request which contains a falsified and excessive "Content-Length" field, it behaves in an unusual manner. The server keeps the connection open and does not time out, but does not respond otherwise. It is possible that this may be used to cause a denial of service to the web server.
VAR-200112-0261 | No CVE | CNVD-2001-3118 |
CVSS V2: - CVSS V3: - Severity: - |
DeltaThree Pc-To-Phone 3.0.3 stores sensitive data in a universally readable unit in the installation directory, which allows local users to read the information in temp.html, the log folder, and the PhoneBook folder.
VAR-200112-0202 | CVE-2001-1549 | Tiny Personal Firewall Outbound packet bypass vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
Many of these applications only block packets created by the standard Windows protocol adapter.
Exploitation will result in a violation of security policy.
Tiny Personal Firewall, ZoneAlarm and ZoneAlarm Pro are confirmed vulnerable. It is believed that other applications similar in design may also be vulnerable.
VAR-200112-0196 | CVE-2001-1543 | Axis Web Camera Default Administrator Password Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera. Axis Network Cameras are network ready cameras, including an internal web server to display images. They also include a web based administration tool.
By default, the password to administer the cameras is 'pass'.
VAR-200112-0191 | CVE-2001-1538 | SpeedXess HA-120 Router default management password vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access. The SpeedXess HA-120 router is a home-grade hardware solution used to route DSL connections. It is manufactured by Hyundai Networks.
When installed, the router does not prompt the user to change the password. Added to this problem is the fact that the factory sets the password to a known default for every router. A remote attacker can use this vulnerability to gain root directory permissions.
VAR-200112-0177 | CVE-2001-1524 | PHPNuke Multiple cross-site scripting vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php. PHPNuke is a website creation/maintenance tool.
PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page, 'user.php', which contains malicious script code. When the link is clicked by an unsuspecting web user, the malicious script code will be executed on the user in the context of the site running PHPNuke.
This attack may be used to steal a user's cookie-based authentication credentials for the vulnerable PHPNuke site.
PostNuke is also affected by a number of these issues.
This problem has also been reported with other scripts included in the PHPNuke package. More specifically, modules.php, upload.php, friend.php and submit.php are also vulnerable under some circumstances. Different parameters to the user.php script may also be sufficient for a cross-site scripting attack.
An additional cross-site scripting vulnerability has been reported in modules.php for PostNuke.
It has been reported that the cross-site scripting issue affecting the 'ttitle' parameter of the 'modules.php' script has been re-introduced in newer versions of the PHPNuke application. This issue is reported to affect versions 7.2 and prior.
VAR-200111-0036 | CVE-2001-0929 | Cisco IOS Firewall Feature Set fails to check IP protocol type thereby allowing packets to bypass dynamic access control lists |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists. IOS is a Cisco Internetwork Operating System. It is maintained and distributed by Cisco, and used on various types of Cisco hardware.
A problem has been found in the checking of protocol by the system. The vulnerable version of IOS does not check the protocol type of the packets, thus making it possible for a system on either end of the connection to send data of a different type. One such instance would be a system on the protected network sending a UDP packet to a system outside of the protected network, and the external system returning a connection to the host via TCP using the pre-established IP address and port numbers.
This could allow a remote user to gather intelligence about a host, and potentially lead to an organized attack against network resources. A remote attacker could exploit this vulnerability to bypass access control lists.
VAR-200112-0256 | CVE-2001-1520 | Xircom Rex 6000 Password Retrieval Vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN. Xircom Rex 6000 PDA users can install Rextools on their desktop in order to manage the content on their MicroPDA device.
A flaw exists in the transfer of the PIN code information from the PDA to the Rextools application. The Rex 6000 sends the authentication information in plain text. The Xircom REX 6000 version is vulnerable.
VAR-200111-0056 | CVE-2001-1449 | MandrakeSoft Mandrake Linux Apache default configuration enables directory indexing |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. Apache is prone to a remote security vulnerability.
An attacker can exploit this issue to perform unauthorized actions; other attacks are also possible.
VAR-200111-0057 | CVE-2001-1463 | RhinoSoft Serv-U remote administration client transmits password in plaintext |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. A vulnerability exists in the remote administration client for RhinoSoft Serv-U.
VAR-200111-0009 | CVE-2001-0902 | Microsoft IIS Error logging vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters. A weakness in the reporting functionality of Microsoft IIS has been discovered.
It is possible to cause IIS to log false information. This problem occurs when an attacker makes an HTTP request using hexadecimal encoded requests.
A malicious attacker can cause IIS to fill the log with false information. This may result in confusion when other services make use of the false IIS log data.
It should be noted that this issue highly depends on the text editor used to analyze the logs. Some hexadecimal sequences may have varying results when interpreted.
VAR-200111-0007 | CVE-2001-0900 | Bharat Mediratta Gallery Directory Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter. Bharat Mediratta Gallery is a free, open source web-based photo album which may be used as an add-on for the PHPNuke web portal.
Due to insufficient validation of user-supplied input, it is possible to view arbitrary web-readable files via a specially crafted web request which contains '../' sequences.
This issue may allow a remote attacker to gather sensitive information which may be used in directed and organized attacks against a host running the Gallery software. A remote attacker can use the .
VAR-200111-0002 | CVE-2001-0895 | Cisco IOS and CatOS fail to properly validate ARP packets thereby overwriting device's MAC address in ARP table |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table. There is a denial-of-service vulnerability in specific versions of Cisco IOS or CatOS. IOS is the Internetwork Operating System, distributed by Cisco Systems.
A problem in the operating system has been discovered that could lead to a user on a system local to the router denying service to all network users. The problem is in the handling of multiple ARP requests. It discontinues all other ARP entries afterwards.
This makes it possible for a user on a network local to the router to deny service to users on all sides of the router.
This vulnerability affects the following Cisco systems:
Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 800, ubr900, 1000, 1400, 1500, 1600, 1700, 2500, 2600, 3000, 3600, 3800, 4000, 4500, 4700, AS5200, AS5300, AS5800, 6400, 7000, 7200, ubr7200, 7500, and 12000 series.
Most recent versions of the LS1010 ATM switch.
The Catalyst 6000.
The Catalyst 2900XL LAN switch.
The Catalyst 1900, 2800, 2900, 3000, and 5000 series LAN switches are affected.
The Cisco DistributedDirector. Vulnerabilities exist in several Cisco networking products.
VAR-200112-0062 | CVE-2001-0861 | Cisco 12000 series Service interruption in Internet routers (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies. When a black hole filter is used on a Cisco 12000 series Internet router, sending a large number of ICMP unreachable packets can result in a denial-of-service (DoS) condition. Cisco 12000 Series Internet Routers are prone to a denial of service condition. Successful exploitation may cause the router to stop forwarding packets.
This condition may occur when the router is "Black Hole" filtering.
It should be noted that this vulnerability only affects certain Cisco 12000 Series Internet Routers, and other Cisco router products should not be considered vulnerable.
Cisco classifies this issue under Vulnerability CSCdr46528, Vulnerability CSCds36541 and Vulnerability CSCdt66560. Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier are vulnerable.
VAR-200112-0063 | CVE-2001-0862 | Cisco Access Control List Fragment Non-blocking Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL. Cisco IOS is the router firmware included with numerous devices manufactured by Cisco Systems. Non-initial fragmented packets sent to a protected host will bypass the ACL.
This could allow a user to communicate with 'protected' hosts, bypassing security policy. A remote attacker bypasses the ACL.
VAR-200112-0001 | CVE-2001-0863 | Cisco Fragment Keyword Outgoing Access Control Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments. IOS is the Cisco Internet Operating System, distributed with and used on various Cisco network hardware.
A possible vulnerability in IOS on the 12000 series Cisco routers could make it possible for a remote user to send unauthorized traffic to a protected network. IOS for the Cisco 12000 has only recently added the ability to filter fragmented packets in outgoing traffic. If a 'fragment' rule in an outgoing ACL exists in a version without this feature, attackers may be able to evade it and send fragmented packets to a protected network.
This vulnerability may result in attackers or users bypassing security policy.
VAR-200112-0002 | CVE-2001-0864 | Cisco 12000 Series internet router ACL Failure drop packet vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions. Cisco 12000 Series Internet Routers with line cards based on Engine 2 are prone to an unusual issue where they may fail to drop packets.
The result is that some packets will not be dropped, potentially allowing restricted traffic into the network.
Cisco has assigned Vulnerability CSCdu03323 to this issue. Some outgoing packets bypass access restrictions.
VAR-200112-0003 | CVE-2001-0865 | Cisco 12000 Series Turbo ACL Fragment Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access. Cisco IOS is the router firmware included with numerous devices manufactured by Cisco Systems.
The keyword "fragment" in a compiled (turbo) ACL will be ignored when evaluating packets that are addressed to the router itself.
Cisco has assigned Vulnerability CSCdu57417 to this issue. Fragmented packets violate expected access.
VAR-200112-0004 | CVE-2001-0866 | Cisco Outbound Access Control List Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls. Cisco IOS is the router firmware included with numerous devices manufactured by Cisco Systems. This may be the case when an input ACL is configured on some, but not all, of the interfaces on the card. This vulnerability will occur only when the packets in question are not blocked by an inbound ACL on the ingress port.
An ACL applied to incoming packets will still behave as expected. Remote attacker bypasses intended access controls.
VAR-200112-0005 | CVE-2001-0867 | Cisco 12000 Outgoing ACL Packet fragmentation vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls. Cisco IOS is the router firmware included with numerous devices manufactured by Cisco Systems.
IOS on Cisco 12000 series routers with Engine 2 based cards may fail to block intended traffic using outgoing ACLs. Outgoing ACLs do not support the keyword 'fragment', and will ignore it. If the keyword is included in the ACL, fragmented packets will not be evaluated against the associated rules, possibly bypassing security policy.