VARIoT IoT exploits database
| VAR-E-201712-0558 | No CVE | Sony Playstation 4 4.05 FW Local Kernel Loader | No EDB ID |
In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel in order to allow jailbreaking and kernel-level modifications to the system. This release does not contain any code related to defeating anti-piracy mechanisms or running homebrew. This exploit does include a loader that listens for payloads on port 9020 and will execute them.
| VAR-E-201712-0269 | No CVE | Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'NamedObj ' Kernel Loader - Hardware local Exploit | EDB ID: 43397 |
Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'NamedObj ' Kernel Loader.. local exploit for Hardware platform
| VAR-E-201712-0098 |
CVE-2017-17215 |
Huawei Router HG532 - Arbitrary Command Execution - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201803-1048 | EDB ID: 43414 |
Huawei Router HG532 - Arbitrary Command Execution. CVE-2017-17215 . webapps exploit for Hardware platform
| VAR-E-201712-0345 |
CVE-2016-6914 |
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation - Windows local Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201712-0026 | EDB ID: 43390 |
Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation. CVE-2016-6914 . local exploit for Windows platform
| VAR-E-201712-0016 | No CVE | Linksys WVBR0 - User-Agent Remote Command Injection Exploit | No EDB ID |
| VAR-E-201712-0055 |
CVE-2017-17745 CVE-2017-17747 |
TP-Link TL-SG108E XSS / Weak Access Control
Related entries in the VARIoT vulnerabilities database: VAR-201712-0921, VAR-201712-0919 | No EDB ID |
TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities.
| VAR-E-201712-0169 |
CVE-2017-17737 CVE-2017-17738 CVE-2017-17739 |
BrightSign Digital Signage - Multiple Vulnerablities - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201712-0913, VAR-201712-0914, VAR-201712-0915 | EDB ID: 43364 |
BrightSign Digital Signage - Multiple Vulnerablities. CVE-2017-17739CVE-2017-17738CVE-2017-17737 . webapps exploit for Hardware platform
| VAR-E-201712-0467 |
CVE-2017-17758 |
Multiple TP-Link Devices CVE-2017-17758 Arbitrary Command Execution Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201712-0951 | No EDB ID |
Multiple TP-Link Devices are prone to a remote arbitrary command-execution vulnerability.
An attacker can exploit this issue to execute arbitrary commands in context of the affected application.
| VAR-E-201712-0126 |
CVE-2017-17411 |
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit) - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201712-0291 | EDB ID: 43429 |
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit). CVE-2017-17411 . remote exploit for Hardware platform
| VAR-E-201712-0127 |
CVE-2017-17411 |
Linksys WVBR0 - 'User-Agent' Remote Command Injection - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201712-0291 | EDB ID: 43363 |
Linksys WVBR0 - 'User-Agent' Remote Command Injection. CVE-2017-17411 . webapps exploit for Hardware platform
| VAR-E-201712-0370 |
CVE-2017-14016 |
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit) - Windows webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201711-0409 | EDB ID: 43340 |
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit). CVE-2017-14016 . webapps exploit for Windows platform
| VAR-E-201712-0044 |
CVE-2017-17105 CVE-2017-171069 CVE-2017-17106 CVE-2017-17107 |
Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution
Related entries in the VARIoT vulnerabilities database: VAR-201712-0829, VAR-201712-0828, VAR-201712-0830 | No EDB ID |
This Metasploit module exploits a remote command execution vulnerability in Zivif webcams. This is known to impact versions prior to and including 2.3.4.2103.
| VAR-E-201711-0104 | No CVE | CODESYS Runtime 'plclinux_rt' Multiple Authentication Bypass Vulnerabilities | No EDB ID |
CODESYS Runtime is prone to multiple authentication-bypass vulnerabilities.
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.
| VAR-E-201711-0308 | No CVE | WIFICAM Wireless IP Camera (P2P) - Unauthenticated Remote Code Execution Exploit | No EDB ID |
| VAR-E-201711-0254 | No CVE | DLink DIR-605L < 2.08 - Denial of Service Exploit | No EDB ID |
| VAR-E-201711-0159 | No CVE | TP-Link TL-WR740N - Cross-Site Scripting Vulnerability | No EDB ID |
| VAR-E-201711-0062 | No CVE | Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting Vulnerability | No EDB ID |
| VAR-E-201711-0332 | No CVE | Vonage VDV-23 - Denial of Service Exploit | No EDB ID |
| VAR-E-201711-0245 |
CVE-2017-16902 |
Vonage VDV-23 - Denial of Service - Hardware dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201711-0521 | EDB ID: 43164 |
Vonage VDV-23 - Denial of Service. CVE-2017-16902 . dos exploit for Hardware platform
| VAR-E-201711-0293 | No CVE | WordPress amtyThumb 8.1.3 Cross Site Scripting | No EDB ID |
WordPress amtyThumb plugin version 8.1.3 suffers from a cross site scripting vulnerability.