VARIoT IoT vulnerabilities database

Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

BEESCMS uses PHP+MYSQL, has a multi-language system, and easy expansion of content modules. The BEESCMS or***_sa***.php file has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database.

Sangfor Technology Co., Ltd. is a provider of products, services and solutions focusing on enterprise-level security, cloud computing and infrastructure. Sangfor SSL VPN has command execution vulnerabilities. Attackers can use the vulnerability to execute arbitrary commands on the server.

WebAccess Node is an HMI/SCADA monitoring software completely based on IE browser from Advantech (China) Co., Ltd. Advantech WebAccess Node has a denial of service vulnerability. An attacker can use this vulnerability to cause a denial of service.

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. Advantech WebAccess/SCADA has a denial of service vulnerability. An attacker can use this vulnerability to cause a denial of service.

Shanghai ZLAN Information Technology Co., Ltd. is a high-tech enterprise that provides industrial IoT solutions. It was established in 2008. Its products include serial server, IoT chips, serial to Ethernet, etc. Shanghai ZLAN Information Technology Co., Ltd. ZLAN7144N2 has an arbitrary password reset vulnerability. An attacker can use the vulnerability to send a specific message to the port through the network to reset the device's password.

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933. Vendor is responsible for this vulnerability IBM X-Force ID: 183933 Is published as.Information may be obtained and information may be tampered with. The software supports secure integration of complex B2B processes with diverse partner communities

FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism. FRITZ!OS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. AVM Fritz! Box is a wireless router made by AVM in Germany. No detailed vulnerability details are currently provided

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599. Vendor exploits this vulnerability IBM X-Force ID: 188599 Is published as.Denial of service (DoS) It may be put into a state. The IBM Elastic Storage System is a device from IBM of the United States for data management of large data volumes

A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Freebox Server Contains a spoofing authentication evasion vulnerability.Information may be obtained. The Freebox server is a DSL modem, router, Wi-Fi hotspot, NAS (250 GB hard disk), DECT base with up to 8 connected DECT phones, and digital video recorder-T for TNT (also known as DVB) And IPTV. Versions of Freebox Server prior to 4.2.3 have security vulnerabilities. The vulnerabilities stem from the existence of DNS rebinding vulnerabilities in the implementation of UPnP MediaServer, allowing attackers to gain access to the local area network by manipulating the DNS (Domain Name Service) working mechanism

A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the AppleIntelKBLGraphics kernel extension. The issue results from the lack of proper locking when performing operations on an object. Apple OS X is a set of dedicated operating systems developed by Apple for Mac computers. Apple macOS could allow a local authenticated malicious user to gain elevated privileges on the system, caused by a time-of-check time-of-use race condition in the AppleIntelKBLGraphics kernel extension

AM600 is a medium-sized programmable logic controller (PLC) designed with a modular structure. Suzhou Inovance Technology Co., Ltd. AM600 has a buffer overflow vulnerability. The attacker sent malformed Modbus data packets, causing abnormalities inside the PLC and crashing the program.

Shanghai ZLAN Information Technology Co., Ltd. is a high-tech enterprise that provides industrial IoT solutions. It was established in 2008. Its products include serial server, IoT chips, serial to Ethernet, etc. Shanghai ZLAN Information Technology Co., Ltd. ZLAN7144N2 has an information disclosure vulnerability. An attacker can use the vulnerability to send a specific message to the UDP port through the network to obtain the WiFi hotspot connection password of the device.

The precision air conditioner network monitoring terminal is an intelligent network monitoring device based on precision air conditioners, which is connected to the network through a network cable, and continuously collects air conditioner operating status data. Guangzhou Junda Intelligent Software Technology Co., Ltd. intelligent precision air-conditioning network monitoring and alarm terminal has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.

The precision air conditioner network monitoring terminal is an intelligent network monitoring device based on precision air conditioners, which is connected to the network through a network cable, and continuously collects air conditioner operating status data. Guangzhou Junda Intelligent Software Technology Co., Ltd. intelligent precision air-conditioning network monitoring and alarm terminal has a file upload vulnerability. Attackers can use this vulnerability to gain server control rights.

The precision air conditioner network monitoring terminal is an intelligent network monitoring device based on precision air conditioners, which is connected to the network through a network cable, and continuously collects air conditioner operating status data. Guangzhou Junda Intelligent Software Technology Co., Ltd. intelligent precision air-conditioning network monitoring and alarm terminal has a file upload vulnerability. Attackers can use this vulnerability to gain server control rights.

The precision air conditioner network monitoring terminal is an intelligent network monitoring device based on precision air conditioners, which is connected to the network through a network cable, and continuously collects air conditioner operating status data. Guangzhou Junda Intelligent Software Technology Co., Ltd. intelligent precision air-conditioning network monitoring and alarm terminal has a file upload vulnerability. Attackers can use this vulnerability to gain server control rights.

H3C Magic R2+ is a wireless dual-band router specially designed by New H3C Technology Co., Ltd. H3C Magic R2+ProG router has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner. The software provides backup and recovery, deduplication, backup reporting, and more

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP. The software provides backup and recovery, deduplication, backup reporting, and more