VARIoT IoT exploits database

VAR-E-201009-0031 |
CVE-2010-0840 CVE-2012-0053 CVE-2011-3368 |
Java - 'Statement.invoke()' Trusted Method Chain (Metasploit) - Multiple remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038 | EDB ID: 16297 |
Java - 'Statement.invoke()' Trusted Method Chain (Metasploit). CVE-2010-0840, CVE-63483. Remote exploit for Multiple platform
VAR-E-201012-1021 |
CVE-2010-0840 CVE-2012-0053 CVE-2011-3368 |
Java - 'Statement.invoke()' Trusted Method Chain (Metasploit) - Multiple remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038 | EDB ID: 16297 |
Java - 'Statement.invoke()' Trusted Method Chain (Metasploit). CVE-2010-0840, CVE-63483. Remote exploit for Multiple platform
VAR-E-201012-0459 |
CVE-2010-2590 |
Crystal Reports CrystalPrintControl - ActiveX ServerResourceVersion Property Overflow (Metasploit) - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201012-0203 | EDB ID: 23472 |
Crystal Reports CrystalPrintControl - ActiveX ServerResourceVersion Property Overflow (Metasploit). CVE-2010-2590, CVE-69917. Remote exploit for Windows platform
VAR-E-201012-0460 |
CVE-2010-2590 |
Crystal Reports Viewer 12.0.0.549 - 'PrintControl.dll' ActiveX - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201012-0203 | EDB ID: 15733 |
Crystal Reports Viewer 12.0.0.549 - 'PrintControl.dll' ActiveX. CVE-2010-2590, CVE-69917. Remote exploit for Windows platform
VAR-E-201009-0027 |
CVE-2010-4094 CVE-2010-0557 CVE-2009-4189 CVE-2009-4188 CVE-2009-3843 CVE-2009-3548 CVE-2012-0053 CVE-2011-3368 |
Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit) - Multiple remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200911-0053, VAR-200912-0129, VAR-201110-0291, VAR-201201-0038 | EDB ID: 16317 |
Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit). CVE-2010-4094, CVE-2010-0557, CVE-2009-4189, CVE-2009-4188, CVE-2009-3843, CVE-2009-3548, CVE-60670, CVE-60317, CVE-60176. Remote exploit for Multiple platform
VAR-E-201012-1020 |
CVE-2010-4094 CVE-2010-0557 CVE-2009-4189 CVE-2009-4188 CVE-2009-3843 CVE-2009-3548 CVE-2012-0053 CVE-2011-3368 |
Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit) - Multiple remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-200911-0053, VAR-200912-0129, VAR-201110-0291, VAR-201201-0038 | EDB ID: 16317 |
Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit). CVE-2010-4094, CVE-2010-0557, CVE-2009-4189, CVE-2009-4188, CVE-2009-3843, CVE-2009-3548, CVE-60670, CVE-60317, CVE-60176. Remote exploit for Multiple platform
VAR-E-201011-0256 | No CVE | D-Link DIR-300 - WiFi Key Security Bypass - Hardware remote Exploit | EDB ID: 35014 |
D-Link DIR-300 - WiFi Key Security Bypass. CVE-75178. Remote exploit for Hardware platform
VAR-E-201011-0642 | No CVE | ZYXEL P-660R-T1 V2 - 'HomeCurrent_Date' Cross-Site Scripting - Multiple webapps Exploit | EDB ID: 35012 |
ZYXEL P-660R-T1 V2 - 'HomeCurrent_Date' Cross-Site Scripting. Webapps exploit for Multiple platform
VAR-E-201011-0939 | No CVE | ZyXEL P-660R-T1 V2 Cross Site Scripting | No EDB ID |
ZyXEL P-660R-T1 V2 suffers from a cross site scripting vulnerability.
VAR-E-201011-0943 |
CVE-2010-3909 CVE-2010-3910 CVE-2010-3911 |
Vtiger CRM 5.2.0 Code Execution / Cross Site Scripting / Local File Inclusion
Related entries in the VARIoT vulnerabilities database: VAR-201011-0264, VAR-201011-0265, VAR-201011-0266 | No EDB ID |
Vtiger CRM 5.2.0 suffers from code execution, cross site scripting and local file inclusion vulnerabilities.
VAR-E-201011-1064 | No CVE | RETIRED: Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness | No EDB ID |
Cisco Unified Videoconferencing is prone to multiple remote vulnerabilities and a weakness.
An attacker can exploit these issues to gain unauthorized access to the affected device, gain access to sensitive information, compromise the affected device, and hijack a user's session. Other attacks are also possible.
The following products are affected:
Cisco Unified Videoconferencing 5110 System
Cisco Unified Videoconferencing 5115 System
Cisco Unified Videoconferencing 5230 System
Cisco Unified Videoconferencing 3545 System
Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway
Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway
Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU)
This BID is being retired. The following individual records exist to better document the issues:
44922 Cisco Unified Videoconferencing Multiple Remote Command Injection Vulnerabilities
44923 Cisco Unified Videoconferencing Password Obfuscation Vulnerability
44924 Cisco Unified Videoconferencing Hardcoded User Credentials Authentication Bypass Vulnerability
44925 Cisco Unified Videoconferencing Security Bypass Vulnerability
44926 Cisco Unified Videoconferencing Web Interface Weak Session Cookie Session Hijacking Vulnerability
44927 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability
44928 Cisco Unified Videoconferencing FTP Server Security Weakness
44929 Cisco Unified Videoconferencing Security Bypass Vulnerability
44936 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability
VAR-E-201011-0644 | No CVE | Cisco Unified Videoconferencing Password Obfuscation Vulnerability | No EDB ID |
Cisco Unified Videoconferencing is prone to a weak-password obfuscation vulnerability.
An attacker can exploit this issue to gain unauthorized access to the affected device.
This issue is being tracked by Cisco bug ID CSCti54010.
The following products are affected:
Cisco Unified Videoconferencing 5110 System
Cisco Unified Videoconferencing 5115 System
Cisco Unified Videoconferencing 5230 System
Cisco Unified Videoconferencing 3545 System
Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway
Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway
Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU)
NOTE: This issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it.
VAR-E-201011-0392 | No CVE | Vtiger CRM Multiple Remote Security Vulnerabilities | No EDB ID |
Vtiger CRM is prone to an arbitrary-file-upload vulnerability, multiple local file-include vulnerabilities, and multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Attackers can exploit these issues to upload and execute arbitrary code in the context of the webserver process, view and execute arbitrary local files within the context of the webserver process, steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible.
Vtiger CRM 5.2.0 is vulnerable; other versions may also be affected.
VAR-E-201011-0049 | No CVE | SAP NetWeaver 7.0 - SQL Monitor Multiple Cross-Site Scripting Vulnerabilities - Windows remote Exploit | EDB ID: 35001 |
SAP NetWeaver 7.0 - SQL Monitor Multiple Cross-Site Scripting Vulnerabilities. Remote exploit for Windows platform
VAR-E-201011-0051 |
CVE-2010-4107 |
HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal - Hardware webapps Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201011-0192 | EDB ID: 32990 |
HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal. CVE-2010-4107. Webapps exploit for Hardware platform
VAR-E-201011-0053 |
CVE-2010-4107 |
HP LaserJet - Directory Traversal in PJL Interface - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201011-0192 | EDB ID: 15631 |
HP LaserJet - Directory Traversal in PJL Interface. CVE-2010-4107, CVE-69268. Remote exploit for Hardware platform
VAR-E-201011-0052 |
CVE-2010-4107 |
HP JetDirect PJL - Interface Universal Directory Traversal (Metasploit) - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201011-0192 | EDB ID: 17635 |
HP JetDirect PJL - Interface Universal Directory Traversal (Metasploit). CVE-2010-4107. Remote exploit for Hardware platform
VAR-E-201011-0050 |
CVE-2010-4107 |
HP JetDirect PJL - Query Execution (Metasploit) - Hardware remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201011-0192 | EDB ID: 17636 |
HP JetDirect PJL - Query Execution (Metasploit). CVE-2010-4107. Remote exploit for Hardware platform
VAR-E-201011-0895 | No CVE | D-Link DIR-300 - Multiple Security Bypass Vulnerabilities - Hardware remote Exploit | EDB ID: 34986 |
D-Link DIR-300 - Multiple Security Bypass Vulnerabilities. CVE-75178. Remote exploit for Hardware platform
VAR-E-201011-0390 |
CVE-2010-4741 |
MOXA Device Manager Tool 2.1 - Remote Buffer Overflow (Metasploit) - Windows remote Exploit
Related entries in the VARIoT vulnerabilities database: VAR-201102-0182 | EDB ID: 16381 |
MOXA Device Manager Tool 2.1 - Remote Buffer Overflow (Metasploit). CVE-69027, CVE-2010-4741. Remote exploit for Windows platform