VARIoT IoT exploits database

VAR-E-201105-0637 | No CVE | Hycus CMS Cross Site Request Forgery | No EDB ID |
Hycus CMS suffers from a cross site request forgery vulnerability.
VAR-E-201105-0258 | No CVE | BMC Dashboards 7.6.01 XSS / File Reading | No EDB ID |
BMC Dashboards version 7.6.01 suffers from cross site scripting and arbitrary file reading vulnerabilities.
VAR-E-201105-0460 | No CVE | BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure - JSP webapps Exploit | EDB ID: 35707 |
BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure. Webapps exploit for JSP platform.
VAR-E-201105-0745 | CVE-2011-1827 | Multiple Check Point SSL VPN On-Demand Applications Remote Code Execution Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201110-0182 | No EDB ID |
Multiple Check Point SSL VPN on-demand applications are prone to a remote code-execution vulnerability.
Successful exploits will allow the attacker to execute arbitrary code within the context of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition.
VAR-E-201105-0029 | CVE-2011-2089 | ICONICS WebHMI - ActiveX Buffer Overflow (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201105-0146 | EDB ID: 17269 |
ICONICS WebHMI - ActiveX Buffer Overflow (Metasploit). CVE-72135, CVE-2011-2089. Remote exploit for Windows platform.
VAR-E-201105-0030 | CVE-2011-2089 | ICONICS WebHMI - ActiveX Stack Overflow - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201105-0146 | EDB ID: 17240 |
ICONICS WebHMI - ActiveX Stack Overflow. CVE-2011-2089, CVE-72135. Remote exploit for Windows platform.
VAR-E-201104-0344 | No CVE | Linksys WRT54G Cross Site Scripting | No EDB ID |
The Cisco Linksys Wireless G Broadband Router WRT54G with firmware version 4.21.1 suffers from a cross site scripting vulnerability.
VAR-E-201104-0199 | CVE-2011-1613 | Cisco DPC2100 - Denial of Service - Hardware dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201105-0030 | EDB ID: 21523 |
Cisco DPC2100 - Denial of Service. CVE-2011-1613, CVE-72616. DoS exploit for Hardware platform.
VAR-E-201104-0170 | No CVE | AT-TFTP Server 1.8 - 'Read' Request Remote Denial of Service - Windows dos Exploit | EDB ID: 35654 |
AT-TFTP Server 1.8 - 'Read' Request Remote Denial of Service. DoS exploit for Windows platform.
VAR-E-201104-0473 | No CVE | Fiberhome HG-110 Cross Site Scripting / Local File Inclusion | No EDB ID |
Fiberhome HG-110 routers suffer from cross site scripting and local file inclusion vulnerabilities.
VAR-E-201104-0172 | No CVE | FiberHome HG-110 - Cross-Site Scripting / Directory Traversal - Hardware remote Exploit | EDB ID: 35597 |
FiberHome HG-110 - Cross-Site Scripting / Directory Traversal. Remote exploit for Hardware platform.
VAR-E-201104-0425 | No CVE | vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion - PHP webapps Exploit | EDB ID: 35574 |
vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion. Webapps exploit for PHP platform.
VAR-E-201104-1028 | No CVE | vtiger CRM 5.2.1 Cross Site Scripting | No EDB ID |
A reflected cross site scripting vulnerability in vtiger CRM version 5.2.1 can be exploited to execute arbitrary JavaScript.
VAR-E-201104-0865 | No CVE | vtiger CRM 5.2.1 Local File Inclusion | No EDB ID |
A local file inclusion vulnerability in vtiger CRM version 5.2.1 can be exploited to include arbitrary files.
VAR-E-201104-0173 | No CVE | vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting - PHP webapps Exploit | EDB ID: 35577 |
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting. Webapps exploit for PHP platform.
VAR-E-201104-0421 | No CVE | o2 DSL Router Classic Cross Site Request Forgery and HTML Injection Vulnerabilities | No EDB ID |
o2 DSL Router Classic is prone to a cross-site request-forgery vulnerability and multiple HTML-injection vulnerabilities.
An attacker can exploit the cross-site request-forgery issue to perform unauthorized actions in the context of a user's session. This may aid in other attacks.
The attacker can exploit the HTML-injection issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, or to control how the site is rendered. Other attacks are also possible.
VAR-E-201104-0002 | CVE-2012-3571, CVE-2012-3570, CVE-2012-3954, CVE-2011-0997 | ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities - Linux dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201104-0082 | EDB ID: 37538 |
ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities. CVE-2012-3571, CVE-84255. DoS exploit for Linux platform.
VAR-E-201103-0631 | CVE-2011-4041 | Advantech/BroadWin SCADA Webaccess 7.0 - Multiple Vulnerabilities - Multiple remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201202-0155 | EDB ID: 35495 |
Advantech/BroadWin SCADA Webaccess 7.0 - Multiple Vulnerabilities. CVE-2011-4041, CVE-72869. Remote exploit for Multiple platform.
VAR-E-201103-0452 | No CVE | Siemens Tecnomatix FactoryLink 8.0.1.1473 - Multiple Vulnerabilities - Windows remote Exploit | EDB ID: 17022 |
Siemens Tecnomatix FactoryLink 8.0.1.1473 - Multiple Vulnerabilities. CVE-72816, CVE-72815, CVE-72814, CVE-72813, CVE-72812. Remote exploit for Windows platform.
VAR-E-201103-0087 | CVE-2011-1566, CVE-2011-1567, CVE-2011-1568, CVE-2011-1565 | Interactive Graphical SCADA System - Remote Command Injection (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201104-0292, VAR-201104-0289, VAR-201104-0291, VAR-201104-0290 | EDB ID: 29129 |
Interactive Graphical SCADA System - Remote Command Injection (Metasploit). CVE-2011-1566, CVE-72349. Remote exploit for Windows platform.