VARIoT IoT exploits database

VAR-E-201101-0677 |
CVE-2009-5040 |
Cisco IOS CallManager Express (CME) (CVE-2009-5040) Denial of Service Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201101-0002 | No EDB ID |
Cisco IOS is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users.
This issue is tracked by Cisco Bug ID CSCta63555.
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq24002
VAR-E-201101-0489 |
CVE-2010-2599 |
Research In Motion BlackBerry Device Software Remote Denial Of Service Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201101-0123 | No EDB ID |
Research In Motion BlackBerry Device Software is prone to a remote denial-of-service vulnerability.
Successful exploits allow an attacker to crash the affected browser, resulting in a denial-of-service condition.
Versions prior to Research In Motion BlackBerry Device Software 6.0.0 are vulnerable.
VAR-E-201101-0731 |
CVE-2011-2393 CVE-2010-4670 CVE-2010-4671 CVE-2010-4669 |
Multiple Vendors IPv6 Neighbor Discovery Router Advertisement Remote Denial of Service Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201101-0314, VAR-201101-0315, VAR-201202-0125, VAR-201101-0300 | No EDB ID |
Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability.
A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users.
VAR-E-201101-0413 |
CVE-2010-4672 CVE-2010-4681 CVE-2010-4678 CVE-2010-4682 CVE-2010-4679 CVE-2010-4680 CVE-2010-4677 CVE-2010-4676 CVE-2010-4675 |
Cisco ASA 5500 Series 8.2(3) Multiple Remote Vulnerabilities
Related entries in the VARIoT vulnerabilities database: VAR-201101-0329, VAR-201101-0316, VAR-201101-0330, VAR-201101-0310, VAR-201101-0313, VAR-201101-0312, VAR-201101-0311, VAR-201101-0319, VAR-201101-0318 | No EDB ID |
Cisco ASA 5500 series appliances are prone to multiple remote vulnerabilities, including multiple security-bypass vulnerabilities and multiple denial-of-service vulnerabilities.
Attackers can exploit these issues to cause denial-of-service conditions or bypass certain security restrictions.
VAR-E-201101-0083 |
CVE-2011-0406 |
KingView 6.5.3 - SCADA HMI Heap Overflow - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201101-0115 | EDB ID: 15957 |
KingView 6.5.3 - SCADA HMI Heap Overflow. CVE-2011-0406, CVE-70366. Remote exploit for Windows platform.
VAR-E-201012-0770 | No CVE | D-Link WBR-1310 - Authentication Bypass - Hardware webapps Exploit | EDB ID: 15810 |
D-Link WBR-1310 - Authentication Bypass. Webapps exploit for Hardware platform.
VAR-E-201012-0314 | No CVE | D-Link WBR-1310 'tools_admin.cgi' CGI Script Authentication Bypass Vulnerability | No EDB ID |
D-Link WBR-1310 is prone to an authentication-bypass vulnerability.
Attackers can exploit this issue to bypass authentication, change the administrative password and gain administrative control of the affected device.
D-Link WBR-1310 with firmware version 2.00 is vulnerable; other versions may also be affected.
VAR-E-201012-0168 | No CVE | Hycus CMS 1.0.3 SQL Injection | No EDB ID |
Hycus CMS version 1.0.3 suffers from a remote SQL injection vulnerability.
VAR-E-201012-0054 |
CVE-2010-4599 |
Ecava IntegraXor 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201012-0061 | No EDB ID |
Ecava IntegraXor is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
IntegraXor 3.6.4000.0 is vulnerable; other versions may also be affected.
VAR-E-201012-0405 | No CVE | Hycus CMS 1.0.3 Local File Inclusion | No EDB ID |
Hycus CMS version 1.0.3 suffers from a local file inclusion vulnerability.
VAR-E-201012-0611 | No CVE | Hycus CMS 1.0.3 SQL Injection | No EDB ID |
Hycus CMS version 1.0.3 suffers from a remote SQL injection vulnerability.
VAR-E-201012-0023 | No CVE | Ecava IntegraXor 3.6.4000.0 Directory Traversal | No EDB ID |
Ecava IntegraXor versions 3.6.4000.0 and below suffer from a directory traversal vulnerability.
VAR-E-201012-0465 |
CVE-2010-4598 |
ecava IntegraXor 3.6.4000.0 - Directory Traversal - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201012-0060 | EDB ID: 15802 |
ecava IntegraXor 3.6.4000.0 - Directory Traversal. CVE-2010-4598, CVE-69968. Remote exploit for Windows platform.
VAR-E-201012-0374 |
CVE-2010-4612 CVE-2010-4613 |
Hycus CMS - Multiple Vulnerabilities - PHP webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201012-0074, VAR-201012-0075 | EDB ID: 15797 |
Hycus CMS - Multiple Vulnerabilities. CVE-2010-4613, CVE-2010-4612, CVE-70218, CVE-70217, CVE-70148, CVE-70147, CVE-70146, CVE-70145. Webapps exploit for PHP platform.
VAR-E-201012-0955 | No CVE | D-Link DIR-300 Cross Site Request Forgery | No EDB ID |
D-Link DIR-300 suffers from a cross site request forgery vulnerability.
VAR-E-201012-0577 | No CVE | D-Link DIR-300 - Cross-Site Request Forgery (Change Admin Account Settings) - Hardware webapps Exploit | EDB ID: 15753 |
D-Link DIR-300 - Cross-Site Request Forgery (Change Admin Account Settings). Webapps exploit for Hardware platform.
VAR-E-201012-0974 | No CVE | D-Link DIR-300 'tools_admin.php' Cross-Site Request Forgery Vulnerability | No EDB ID |
The D-Link DIR-300 router is prone to a cross-site request-forgery vulnerability.
Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.
This issue affects D-Link DIR-300 running firmware 1.04.
VAR-E-201012-0906 |
CVE-2009-2189 |
Apple Time Capsule and AirPort Base Station (CVE-2009-2189) Remote Denial of Service Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201012-0005 | No EDB ID |
Apple Time Capsule and AirPort Base Station are prone to a remote denial-of-service vulnerability when handling an overly large quantity of Router Advertisement (RA) and Neighbor Discovery (ND) packets.
An attacker can exploit this issue to cause an affected device to restart, triggering a denial-of-service condition for legitimate users.
Apple Time Capsule and AirPort Base Station running firmware versions prior to 7.5.2 are affected.
NOTE: This issue was previously discussed in BID 45466 (Apple Time Capsule and AirPort Base Station Multiple Remote Vulnerabilities) but has been given its own record to better document it.
VAR-E-201012-0534 |
CVE-2010-1804 |
Apple Time Capsule and AirPort Base Station DHCP Reply Remote Denial of Service Vulnerability
Related entries in the VARIoT vulnerabilities database: VAR-201012-0318 | No EDB ID |
Apple Time Capsule and AirPort Base Station are prone to a remote denial-of-service vulnerability because of an implementation issue in the network bridge.
An attacker can exploit this issue to cause an affected device to stop responding to network traffic, triggering a denial-of-service condition for legitimate users.
Apple Time Capsule and AirPort Base Station running firmware versions prior to 7.5.2 are affected.
NOTE: This issue was previously discussed in BID 45466 (Apple Time Capsule and AirPort Base Station Multiple Remote Vulnerabilities) but has been given its own record to better document it.
VAR-E-201012-0376 |
CVE-2010-4597 |
Ecava IntegraXor Remote - ActiveX Buffer Overflow (PoC) - Windows dos Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201012-0059 | EDB ID: 15767 |
Ecava IntegraXor Remote - ActiveX Buffer Overflow (PoC). CVE-2010-4597, CVE-69960. DoS exploit for Windows platform.