VARIoT IoT exploits database

VAR-E-201108-0142 No CVE ABBS Audio Media Player 3.0 - Local Buffer Overflow (Metasploit) - Windows local Exploit EDB ID: 17604
ABBS Audio Media Player 3.0 - Local Buffer Overflow (Metasploit). local exploit for Windows platform
VAR-E-201108-0177 No CVE Siemens SIMATIC S7-300 Hardcoded Credentials Security Bypass Vulnerability No EDB ID
Siemens SIMATIC S7-300 is prone to a security-bypass vulnerability caused by hard-coded credentials. Successful attacks can allow a remote attacker to gain access to the vulnerable device.
VAR-E-201107-0580 No CVE Avaya Secure Access Link (SAL) Gateway Invalid Domain Servers Information Disclosure Vulnerability No EDB ID
Avaya Secure Access Link (SAL) gateway is prone to an information-disclosure vulnerability. To exploit this issue, attackers need to host malicious email servers with 'secavaya.com' and 'secaxeda.com' domain names. Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks. This issue affects Secure Access Link 1.5, 1.8, and 2.0.
VAR-E-201107-0314 CVE-2011-2403
HP Network Automation 9.10 - SQL Injection - PHP webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201108-0084
EDB ID: 36000
HP Network Automation 9.10 - SQL Injection. CVE-2011-2403, CVE-74134. webapps exploit for PHP platform
VAR-E-201107-0202 No CVE Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure - Hardware remote Exploit EDB ID: 35997
Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure. remote exploit for Hardware platform
VAR-E-201107-0121 No CVE Dlink DPH 150SE/E/F1 IP Phones Multiple Remote Vulnerabilities No EDB ID
Dlink DPH IP phones are prone to multiple remote vulnerabilities. An attacker with access to the web interface of the device can exploit these issues to compromise the affected device, upload arbitrary files, gain access to sensitive information and cause a denial-of-service condition. The following devices are affected: Dlink DPH 150SE, Dlink DPH 150E, Dlink DPH 150F1.
VAR-E-201107-0516 No CVE CiscoKits CCNA TFTP Server Long Filename Remote Denial of Service Vulnerability No EDB ID
CiscoKits CCNA TFTP Server is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. CiscoKits CCNA TFTP Server 1.0 is affected; other versions may also be vulnerable.
VAR-E-201107-0006 No CVE HTC OBEX FTP Service in Android Directory Traversal Vulnerability No EDB ID
HTC devices running the Bluetooth OBEX FTP service on Android OS are prone to a directory-traversal vulnerability. Exploiting this issue allows an attacker to read or download arbitrary files from locations outside the application's current directory and obtain sensitive information. Other attacks may also be possible.
VAR-E-201107-0277 No CVE Iconics GENESIS32 9.21.201.01 - Integer Overflow (Metasploit) - Windows remote Exploit EDB ID: 17543
Iconics GENESIS32 9.21.201.01 - Integer Overflow (Metasploit). CVE-72817. remote exploit for Windows platform
VAR-E-201107-0259 No CVE Alice Modem 1111 Cross Site Scripting / Denial Of Service No EDB ID
Alice Modem version 1111 suffers from cross site scripting and denial of service vulnerabilities.
VAR-E-201107-0447 No CVE Alice Modem 1111 - 'rulename' Cross-Site Scripting / Denial of Service - Hardware dos Exploit EDB ID: 35939
Alice Modem 1111 - 'rulename' Cross-Site Scripting / Denial of Service. dos exploit for Hardware platform
VAR-E-201107-0749 No CVE D-Link DSL-2650U Denial Of Service No EDB ID
D-Link DSL-2650U remote denial of service proof of concept exploit.
VAR-E-201107-0154 No CVE D-Link DSL-2650U - Denial of Service (PoC) - Hardware dos Exploit EDB ID: 17501
D-Link DSL-2650U - Denial of Service (PoC). dos exploit for Hardware platform
VAR-E-201107-0097 No CVE Portech MV-372 VoIP Gateway - Multiple Vulnerabilities - Hardware remote Exploit EDB ID: 35925
Portech MV-372 VoIP Gateway - Multiple Vulnerabilities. remote exploit for Hardware platform
VAR-E-201107-0266 No CVE Portech MV-372 Denial Of Service / Bypass No EDB ID
Portech MV-372 suffers from bypass, information disclosure, and denial of service vulnerabilities.
VAR-E-201106-0354 CVE-2011-2608
HP Operations Manager 'Register' Request Arbitrary File Deletion Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201107-0275
No EDB ID
HP Operations Manager is prone to an arbitrary-file-deletion vulnerability. An attacker can exploit this issue to delete arbitrary files on an affected computer. Successful exploits will result in a denial-of-service condition or the corruption of applications running on the affected computer.
VAR-E-201106-0001 CVE-2011-2956
AzeoTech DaqFactory - Denial of Service - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201107-0256
EDB ID: 36007
AzeoTech DaqFactory - Denial of Service. CVE-2011-2956, CVE-73390. dos exploit for Multiple platform
VAR-E-201106-0424 No CVE H3C ER5100 - Authentication Bypass - ASP webapps Exploit EDB ID: 35872
H3C ER5100 - Authentication Bypass. webapps exploit for ASP platform
VAR-E-201106-0617 No CVE Multiple IP Cameras 'productmaker' Account Unauthorized Access Vulnerability No EDB ID
Multiple IP cameras are prone to an unauthorized access vulnerability. Successful exploits will allow a remote attacker to gain unauthorized access to the affected device. The following IP cameras are affected: IPUX ICS1033, Digicom IP Camera 100W, TRENDnet TV-IP422W.
VAR-E-201106-0073 CVE-2011-2110
CVE-2008-4192
Adobe Flash Player - AVM Verification Logic Array Indexing Code Execution (Metasploit) - Windows remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201106-0034
EDB ID: 19295
Adobe Flash Player - AVM Verification Logic Array Indexing Code Execution (Metasploit). CVE-2011-2110, CVE-48268, CVE-2008-4192. remote exploit for Windows platform