VARIoT IoT exploits database

VAR-E-201006-0125 | No CVE | Linksys WAP54Gv3 Wireless Router - 'debug.cgi' Cross-Site Scripting - Hardware remote Exploit | EDB ID: 34182 |
Linksys WAP54Gv3 Wireless Router - 'debug.cgi' Cross-Site Scripting. Remote exploit for Hardware platform.
VAR-E-201006-0218 | CVE-2010-1465 | Trellian FTP Client 3.01 - PASV Remote Buffer Overflow (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201004-0487 | EDB ID: 16710 |
Trellian FTP Client 3.01 - PASV Remote Buffer Overflow (Metasploit). CVE-2010-1465 CVE-63812. Remote exploit for Windows platform.
VAR-E-201006-1662 | No CVE | Linksys WAP54Gv3 Remote Debug Root Shell | No EDB ID |
The Linksys WAP54Gv3 has a debug interface that allows execution of shell commands with root privileges. Hardcoded credentials, which cannot be changed by the user, can be used to access the debug interface.
VAR-E-201006-1691 | CVE-2010-1573 | Linksys WAP54Gv3 Wireless Router Debug Credentials Security Bypass Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201006-0273 | No EDB ID |
Linksys WAP54Gv3 wireless router devices are prone to a security-bypass vulnerability because they allow access to debugging scripts through hard coded credentials.
Successful exploits allow attackers to gain privileged access to the device; other attacks may also be possible.
The following firmware versions are vulnerable:
3.05.03 (Europe)
3.04.03 (US)
Other versions or devices may also be affected.
VAR-E-201005-1242 | CVE-2009-5037 | Cisco ASA 5500 Series ASDM Real Time Log Viewer (CVE-2009-5037) Denial of Service Vulnerability | Related entries in the VARIoT vulnerabilities database: VAR-201101-0004 | No EDB ID |
Cisco ASA security appliances are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is documented in Cisco bug IDs CSCsm11264 and CSCtb92911.
VAR-E-201005-0284 | No CVE | U.S.Robotics USR5463 Firmware '/cgi-bin/setup_ddns.exe' Cross-Site Request Forgery Vulnerability | No EDB ID |
U.S.Robotics USR5463 firmware is prone to a cross-site request-forgery vulnerability.
Successful exploits may allow attackers to perform unauthorized actions on the affected device in the context of a logged-in user. This may allow attackers to gain access to or modify sensitive information and perform HTML-injection attacks.
U.S.Robotics USR5463 firmware versions 0.01 through 0.06 are vulnerable.
VAR-E-201005-0342 | CVE-2010-2025 CVE-2010-2026 | Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass / Cross-Site Request Forgery Vulnerabilities - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201005-0198, VAR-201005-0199 | EDB ID: 34033 |
Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass / Cross-Site Request Forgery Vulnerabilities. CVE-2010-2025 CVE-64941. Remote exploit for Hardware platform.
VAR-E-201005-0965 | No CVE | vtiger CRM 5.2.0 Shell Upload | No EDB ID |
vtiger CRM version 5.2.0 suffers from a shell upload vulnerability.
VAR-E-201005-1525 | No CVE | vtiger CRM 5.2.0 Cross Site Request Forgery | No EDB ID |
vtiger CRM version 5.2.0 cross site request forgery exploit.
VAR-E-201005-1001 | No CVE | Rumba FTP Client 'FTPSFtp.dll' ActiveX Control Buffer Overflow Vulnerability | No EDB ID |
Rumba FTP client ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successful exploits may allow an attacker to execute arbitrary code in the context of a user running the affected application. Failed attempts will likely result in denial-of-service conditions.
The issue affects Rumba FTP client version 4.2.0.0.
VAR-E-201005-0839 | No CVE | U.S.Robotics USR5463 0.06 Firmware - 'setup_ddns.exe' HTML Injection - Hardware remote Exploit | EDB ID: 34018 |
U.S.Robotics USR5463 0.06 Firmware - 'setup_ddns.exe' HTML Injection. Remote exploit for Hardware platform.
VAR-E-201005-0845 | No CVE | Cisco Application Control Engine (ACE) - HTTP Parsing Security - Hardware remote Exploit | EDB ID: 33962 |
Cisco Application Control Engine (ACE) - HTTP Parsing Security. Remote exploit for Hardware platform.
VAR-E-201004-1346 | No CVE | Mini Web Server Cross Site Scripting and Directory Traversal Vulnerabilities | No EDB ID |
Mini Web Server is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials; other harvested information may aid in launching further attacks.
Mini Web Server 1.0 is vulnerable; other versions may also be affected.
VAR-E-201004-0822 | No CVE | Tele Data's Contact Management Server 0.9 - 'Username' SQL Injection - PHP webapps Exploit | EDB ID: 33909 |
Tele Data's Contact Management Server 0.9 - 'Username' SQL Injection. Webapps exploit for PHP platform.
VAR-E-201004-0001 | CVE-2010-1437 CVE-2012-0053 CVE-2011-3368 | Linux Kernel 2.6.34 - 'find_keyring_by_name()' Local Memory Corruption - Linux dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038 | EDB ID: 33886 |
Linux Kernel 2.6.34 - 'find_keyring_by_name()' Local Memory Corruption. CVE-2010-1437 CVE-64549. DoS exploit for Linux platform.
VAR-E-201004-1924 | CVE-2010-1437 CVE-2012-0053 CVE-2011-3368 | Linux Kernel 2.6.34 - 'find_keyring_by_name()' Local Memory Corruption - Linux dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038 | EDB ID: 33886 |
Linux Kernel 2.6.34 - 'find_keyring_by_name()' Local Memory Corruption. CVE-2010-1437 CVE-64549. DoS exploit for Linux platform.
VAR-E-201004-1350 | No CVE | 3Com H3C SR6600 SNMP Remote Denial of Service Vulnerability | No EDB ID |
The 3Com H3C SR6600 is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue allows remote attackers to cause the affected device to restart, denying service to legitimate users.
VAR-E-201004-1027 | No CVE | Huawei EchoLife HG520 3.10.18.5-1.0.5.0 - Remote Information Disclosure - Hardware remote Exploit | EDB ID: 33869 |
Huawei EchoLife HG520 3.10.18.5-1.0.5.0 - Remote Information Disclosure. Remote exploit for Hardware platform.
VAR-E-201004-0005 | CVE-2010-0740 CVE-2012-0053 CVE-2011-3368 | OpenSSL - Remote Denial of Service - Linux dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038, VAR-201003-0281 | EDB ID: 12334 |
OpenSSL - Remote Denial of Service. CVE-2010-0740. DoS exploit for Linux platform.
VAR-E-201004-0002 | CVE-2010-1157 CVE-2012-0053 CVE-2011-3368 | Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure - Multiple remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038 | EDB ID: 12343 |
Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure. CVE-2010-1157. Remote exploit for Multiple platform.