VARIoT IoT exploits database
| VAR-E-201106-0621 | No CVE | Trend Micro Data Loss Prevention Directory Traversal Vulnerability | No EDB ID |
Trend Micro Data Loss Prevention is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to gain access to arbitrary files on the targeted system. This may result in the disclosure of sensitive information or lead to a complete compromise of the affected computer.
Trend Micro Data Loss Prevention 5.5 is vulnerable; other versions may also be affected.
| VAR-E-201106-0678 |
CVE-2011-2107 |
Adobe Flash Player CVE-2011-2107 Cross Site Scripting Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201106-0026 | No EDB ID |
Adobe Flash Player is prone to an unspecified cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The following versions are vulnerable:
Adobe Flash Player 10.3.181.16 and prior versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 10.3.185.22 and prior versions for Android
UPDATE (June 7, 2011): The vendor indicates there may be an impact related to the 'Authplay.dll' component of Adobe Reader and Acrobat X 10.0.3, Reader 9.x and 10.x, and Acrobat 9.x and 10.x. We will update this BID when additional details emerge.
| VAR-E-201106-0467 | No CVE | MODACOM URoad-5000 1450 Command Execution | No EDB ID |
MODACOM URoad-5000 version 1450 has a hard-coded backdoor account that allows for remote command execution.
| VAR-E-201106-0173 | No CVE | MODACOM URoad-5000 1450 - Remote Command Execution / Backdoor Access - Hardware remote Exploit | EDB ID: 17356 |
MODACOM URoad-5000 1450 - Remote Command Execution / Backdoor Access. CVE-72958 . remote exploit for Hardware platform
| VAR-E-201106-0430 | No CVE | MODACOM URoad-5000 Security Bypass Vulnerability and Remote Command Execution Vulnerability | No EDB ID |
MODACOM URoad-5000 is prone to a security-bypass vulnerability and a remote command-execution vulnerability.
An attacker can exploit these issues to bypass certain security restrictions and execute arbitrary commands on the affected device.
MODACOM URoad-5000 firmware version 1450 is vulnerable; other versions may also be affected.
| VAR-E-201106-0065 |
CVE-2011-2039 CVE-2011-2040 |
Cisco AnyConnect VPN Client - ActiveX URL Property Download and Execute (Metasploit) - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201106-0112, VAR-201106-0111 | EDB ID: 17366 |
Cisco AnyConnect VPN Client - ActiveX URL Property Download and Execute (Metasploit). CVE-2011-2039CVE-72714 . remote exploit for Windows platform
| VAR-E-201106-0623 | No CVE | Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities - Hardware remote Exploit | EDB ID: 35817 |
Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities.. remote exploit for Hardware platform
| VAR-E-201105-0002 |
CVE-2011-1944 CVE-2013-2465 CVE-2012-0507 CVE-2011-4885 CVE-2011-5035 |
libxmlInvalid 2.7.x - XPath Multiple Memory Corruption Vulnerabilities - Linux remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201112-0123, VAR-201306-0242 | EDB ID: 35810 |
libxmlInvalid 2.7.x - XPath Multiple Memory Corruption Vulnerabilities. CVE-2011-1944CVE-73248 . remote exploit for Linux platform
| VAR-E-201105-0454 | No CVE | Belkin F5D7234-4V5 Wireless G Router 'login.stm' Administrator Password Disclosure Vulnerability | No EDB ID |
Belkin F5D7234-4V5 Wireless G Router is prone to a password-disclosure vulnerability due to a design error.
Attackers can exploit this issue to gain access to the administrator's password. Successfully exploiting this issue may lead to other attacks.
| VAR-E-201105-0567 | No CVE | Vordel Gateway 6.0.3 - Directory Traversal - Linux remote Exploit | EDB ID: 35799 |
Vordel Gateway 6.0.3 - Directory Traversal.. remote exploit for Linux platform
| VAR-E-201105-0737 |
CVE-2011-2214 |
7T Interactive Graphical SCADA System Malformed ODBC Packet Remote Memory Corruption Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201105-0286 | No EDB ID |
7T Interactive Graphical SCADA System is prone to a remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code with administrative privileges. Successfully exploiting this issue will completely compromise an affected computer. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to Interactive Graphical SCADA System 9.0.0.11143 are vulnerable.
| VAR-E-201105-0013 |
CVE-2011-0959 CVE-2011-0960 CVE-2011-0961 CVE-2011-0962 CVE-2011-0966 |
Cisco Unified Operations Manager 8.5 - iptm/eventmon Multiple Cross-Site Scripting Vulnerabilities - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201105-0048, VAR-201105-0046, VAR-201105-0049, VAR-201105-0047, VAR-201105-0050 | EDB ID: 35764 |
Cisco Unified Operations Manager 8.5 - iptm/eventmon Multiple Cross-Site Scripting Vulnerabilities. CVE-2011-0959CVE-72418 . remote exploit for Hardware platform
| VAR-E-201105-0012 |
CVE-2011-0959 CVE-2011-0960 CVE-2011-0961 CVE-2011-0962 CVE-2011-0966 |
Cisco Unified Operations Manager 8.5 - 'iptm/advancedfind.do?extn' Cross-Site Scripting - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201105-0048, VAR-201105-0046, VAR-201105-0049, VAR-201105-0047, VAR-201105-0050 | EDB ID: 35762 |
Cisco Unified Operations Manager 8.5 - 'iptm/advancedfind.do?extn' Cross-Site Scripting. CVE-2011-0959CVE-72416 . remote exploit for Hardware platform
| VAR-E-201105-0019 |
CVE-2011-0959 CVE-2011-0960 CVE-2011-0961 CVE-2011-0962 CVE-2011-0966 |
Cisco Unified Operations Manager 8.5 - '/iptm/logicalTopo.do' Multiple Cross-Site Scripting Vulnerabilities - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201105-0048, VAR-201105-0046, VAR-201105-0049, VAR-201105-0047, VAR-201105-0050 | EDB ID: 35766 |
Cisco Unified Operations Manager 8.5 - '/iptm/logicalTopo.do' Multiple Cross-Site Scripting Vulnerabilities. CVE-2011-0959CVE-72420 . remote exploit for Hardware platform
| VAR-E-201105-0014 |
CVE-2011-0959 CVE-2011-0960 CVE-2011-0961 CVE-2011-0962 CVE-2011-0966 |
Cisco Unified Operations Manager 8.5 - 'iptm/ddv.do?deviceInstanceName' Cross-Site Scripting - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201105-0048, VAR-201105-0046, VAR-201105-0049, VAR-201105-0047, VAR-201105-0050 | EDB ID: 35763 |
Cisco Unified Operations Manager 8.5 - 'iptm/ddv.do?deviceInstanceName' Cross-Site Scripting. CVE-2011-0959CVE-72417 . remote exploit for Hardware platform
| VAR-E-201105-0015 |
CVE-2011-0962 CVE-2011-0959 CVE-2011-0960 CVE-2011-0961 CVE-2011-0966 |
Cisco Unified Operations Manager 8.5 - Common Services Device Center Cross-Site Scripting - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201105-0048, VAR-201105-0046, VAR-201105-0049, VAR-201105-0047, VAR-201105-0050 | EDB ID: 35780 |
Cisco Unified Operations Manager 8.5 - Common Services Device Center Cross-Site Scripting. CVE-2011-0962CVE-72421 . remote exploit for Hardware platform
| VAR-E-201105-0017 |
CVE-2011-0959 CVE-2011-0960 CVE-2011-0961 CVE-2011-0962 CVE-2011-0966 |
Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201105-0048, VAR-201105-0046, VAR-201105-0049, VAR-201105-0047, VAR-201105-0050 | EDB ID: 35765 |
Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities. CVE-2011-0959CVE-72419 . remote exploit for Hardware platform
| VAR-E-201105-0595 | No CVE | DreamBox Multiple DM500 Products Directory Traversal Vulnerability | No EDB ID |
DreamBox DM500 products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.
The following products are vulnerable:
DreamBox DM500
DreamBox DM500+
DreamBox DM500HD
DreamBox DM500S
| VAR-E-201105-0001 |
CVE-2011-0419 CVE-2013-2465 CVE-2012-0507 CVE-2011-4885 CVE-2011-5035 |
Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service - Linux dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201112-0123, VAR-201306-0242, VAR-201105-0121 | EDB ID: 35738 |
Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service. CVE-2011-0419CVE-73383 . dos exploit for Linux platform
| VAR-E-201105-0526 | No CVE | 7T Interactive Graphical SCADA System HMI Multiple Denial of Service Vulnerabilities | No EDB ID |
7T Interactive Graphical SCADA System is prone to multiple denial-of-service vulnerabilities that affect the human-machine interface (HMI) component.
An attacker can exploit these issues to cause denial-of-service conditions by sending specially crafted packets to the affected services.