VARIoT IoT exploits database


VAR-E-201102-0242 CVE-2011-0375
CVE-2011-0372
CVE-2011-0376
CVE-2011-0373
CVE-2011-0374
CVE-2011-0377
CVE-2011-0378
Cisco TelePresence Endpoint Devices Multiple Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201102-0218, VAR-201102-0219, VAR-201102-0233, VAR-201102-0234, VAR-201102-0215, VAR-201102-0217, VAR-201102-0216
No EDB ID
Cisco TelePresence endpoint devices are prone to multiple vulnerabilities. An attacker can exploit these issues to execute arbitrary commands, disclose potentially sensitive information, or cause denial-of-service conditions.
VAR-E-201102-0033 CVE-2011-0393
CVE-2011-0395
CVE-2011-0396
Cisco ASA 5500 Series Adaptive Security Appliances Multiple Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201102-0220, VAR-201102-0222, VAR-201102-0223
No EDB ID
Cisco ASA 5500 series security appliances are prone to multiple remote vulnerabilities. An attacker can exploit these issues to disclose potentially sensitive information or to cause denial-of-service conditions.
VAR-E-201102-0413 CVE-2011-0380
CVE-2011-0381
Cisco TelePresence Manager Multiple Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201102-0236, VAR-201102-0237
No EDB ID
Cisco TelePresence Manager is prone to multiple vulnerabilities. An attacker can exploit these issues to execute arbitrary commands and bypass authentication. Successful exploits may aid in a complete compromise of an affected device.
VAR-E-201102-0679 CVE-2011-0389
CVE-2011-0384
CVE-2011-0387
CVE-2011-0390
Cisco TelePresence Multipoint Switch Multiple Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201102-0227, VAR-201102-0224, VAR-201102-0230, VAR-201102-0229
No EDB ID
Cisco TelePresence Multipoint Switch is prone to multiple vulnerabilities, including:
1. Multiple denial-of-service vulnerabilities
2. A security-bypass vulnerability
3. An unauthorized-access vulnerability
An attacker can exploit these issues to bypass certain security restrictions and cause a denial-of-service condition. Other attacks are also possible. These issues are being tracked by the following Cisco Bug IDs: CSCtf01253, CSCtf97164, CSCth60993, CSCtj44534
VAR-E-201102-0559 CVE-2011-0386
CVE-2011-0392
CVE-2011-0391
CVE-2011-0382
Cisco TelePresence Recording Server Multiple Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201102-0238, VAR-201102-0226, VAR-201102-0231, VAR-201102-0232
No EDB ID
Cisco TelePresence Recording Server is prone to multiple vulnerabilities. An attacker can exploit these issues to execute arbitrary commands, cause denial-of-service conditions, gain unauthorized access, or potentially completely compromise an affected device.
VAR-E-201102-0332 CVE-2011-3143
Control Microsystems ClearSCADA Multiple Remote Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201108-0128
No EDB ID
Control Microsystems ClearSCADA is prone to multiple remote vulnerabilities, including:
1. A cross-site scripting vulnerability
2. A buffer-overflow vulnerability
3. An information-disclosure vulnerability
An attacker can exploit these issues to execute arbitrary code with elevated privileges, execute arbitrary script code within the context of the webserver, steal cookie-based authentication credentials, and gain access to sensitive information. Other attacks are also possible. The following products are affected: ClearSCADA 2005, ClearSCADA 2007, ClearSCADA 2009
VAR-E-201102-0738 No CVE
7T Interactive Graphical SCADA System Malformed Packet Remote Memory Corruption Vulnerability
No EDB ID
7T Interactive Graphical SCADA System is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code with administrative privileges. Successfully exploiting this issue will completely compromise the affected system. Failed exploit attempts will result in a denial-of-service condition.
VAR-E-201009-0037 CVE-2008-5416
CVE-2012-0053
CVE-2011-3368
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit) - Windows remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038
EDB ID: 16396
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit). CVE-2008-5416, CVE-50589, CVE-MS09-004. Remote exploit for Windows platform
VAR-E-201102-0766 CVE-2008-5416
CVE-2012-0053
CVE-2011-3368
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit) - Windows remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038
EDB ID: 16396
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit). CVE-2008-5416, CVE-50589, CVE-MS09-004. Remote exploit for Windows platform
VAR-E-201102-0765 CVE-2010-4476
CVE-2012-0053
CVE-2011-3368
Oracle Java - Floating-Point Value Denial of Service - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201102-0280, VAR-201201-0038
EDB ID: 35304
Oracle Java - Floating-Point Value Denial of Service. CVE-2010-4476, CVE-70965. DoS exploit for Multiple platform
VAR-E-201003-0021 CVE-2010-4476
CVE-2012-0053
CVE-2011-3368
Oracle Java - Floating-Point Value Denial of Service - Multiple dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201102-0280, VAR-201201-0038
EDB ID: 35304
Oracle Java - Floating-Point Value Denial of Service. CVE-2010-4476, CVE-70965. DoS exploit for Multiple platform
VAR-E-201101-0004 No CVE
Hycus CMS 1.0.3 Path Disclosure
No EDB ID
Hycus CMS version 1.0.3 suffers from a path disclosure vulnerability.
VAR-E-201101-0027 No CVE
MuPDF 'closedctd()' PDF File Handling Remote Code Execution Vulnerability
No EDB ID
MuPDF is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. MuPDF 0.7 is vulnerable; other versions may also be affected.
VAR-E-201101-0759 CVE-2008-5416
CVE-2012-0053
CVE-2011-3368
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit) - Windows remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038
EDB ID: 16392
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit). CVE-2008-5416, CVE-50589, CVE-MS09-004. Remote exploit for Windows platform
VAR-E-201009-0036 CVE-2008-5416
CVE-2012-0053
CVE-2011-3368
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit) - Windows remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038
EDB ID: 16392
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit). CVE-2008-5416, CVE-50589, CVE-MS09-004. Remote exploit for Windows platform
VAR-E-201101-0157 CVE-2018-8738
Airties AIR5444TT - Cross-Site Scripting - Windows webapps Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201807-2161
EDB ID: 44986
Airties AIR5444TT - Cross-Site Scripting. CVE-2018-8738. Webapps exploit for Windows platform
VAR-E-201101-0439 CVE-2011-0517
Sielco Sistemi Winlog 2.07.00 - Stack Overflow - Windows dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201101-0361
EDB ID: 15992
Sielco Sistemi Winlog 2.07.00 - Stack Overflow. CVE-2011-0517, CVE-70418. DoS exploit for Windows platform
VAR-E-201101-0440 CVE-2011-0517
Sielco Sistemi Winlog - Remote Buffer Overflow (Metasploit) - Windows remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201101-0361
EDB ID: 17430
Sielco Sistemi Winlog - Remote Buffer Overflow (Metasploit). CVE-2011-0517, CVE-70418. Remote exploit for Windows platform
VAR-E-201101-0030 No CVE
SAP Crystal Reports Server ActiveX Control Multiple Insecure Method Vulnerabilities
No EDB ID
The SAP Crystal Reports Server ActiveX control is prone to multiple insecure-method vulnerabilities. Successful exploits will compromise affected computers or cause denial-of-service conditions; other attacks are possible. SAP Crystal Reports Server 2008 is vulnerable.
VAR-E-201101-0145 No CVE
SAP Crystal Reports Server Multiple Vulnerabilities
No EDB ID
SAP Crystal Reports Server is prone to multiple cross-site scripting vulnerabilities and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. The cross-site scripting issues can be exploited to execute script code in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. The directory-traversal issue can be exploited to disclose the contents of arbitrary files. SAP Crystal Reports Server 2008 is vulnerable.