VARIoT IoT exploits database

Cisco ASA 5580 series security appliances are prone to multiple security vulnerabilities. The vulnerabilities include multiple denial-of-service vulnerabilities, multiple buffer-overflow vulnerabilities, authentication-bypass vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Cisco ASA 5580 series security appliances with software prior to 8.1(2) are vulnerable.

SAP MaxDB 7.4/7.6 - 'webdbm' Multiple Cross-Site Scripting Vulnerabilities. CVE-2007-4475CVE-53066 . remote exploit for Windows platform

Cisco ASA Appliance 7.x/8.0 WebVPN - Cross-Site Scripting. CVE-2009-1220CVE-53147 . remote exploit for Hardware platform

SAP AG SAPgui EAI WebViewer3D - Remote Buffer Overflow (Metasploit). CVE-2007-4475CVE-53066 . remote exploit for Windows platform

Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit these issues to cause an affected device to crash, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCsu11522.

Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine are prone to multiple remote vulnerabilities: - Multiple authentication-bypass issues - A remote privilege-escalation issue - Multiple denial-of-service issues Attackers can exploit these issues to execute arbitrary commands, gain administrative access, and cause denial-of-service conditions. Other attacks are also possible.

Multiple Cisco Wireless LAN Controllers are prone to these remote vulnerabilities: - Multiple denial-of-service vulnerabilities - A remote privilege-escalation vulnerability Remote attackers can exploit these issues to gain administrative rights on an affected device or crash the device, denying service to legitimate users. The following devices are affected: Cisco 4400 Series Wireless LAN Controllers Cisco Catalyst 6500 Series/7600 Series Wireless Services Module (WiSM) Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

HTC devices running Android versions 2.1 and 2.2 suffer from a directory traversal vulnerability in the OBEX FTP service. Full details provided.

Multiple Sagem F@st routers are prone to an unauthorized-access vulnerability. Attackers can exploit this issue to reset the router, possibly resulting in denial-of-service conditions. Other security implications that could aid in further attacks may also occur. The following routers are affected: Sagem F@st 1200 Sagem F@st 1240 Sagem F@st 1400 Sagem F@st 1400W Sagem F@st 1500 Sagem F@st 1500-WG Sagem F@st 2404

Cisco IOS 12.x - HTTP Server Multiple Cross-Site Scripting Vulnerabilities. CVE-2008-3821CVE-51394CVE-51393 . remote exploit for Hardware platform

The SizerOne ActiveX control used in products by multiple vendors is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in denial-of-service conditions.

Microsoft SQL Server - 'sp_replwritetovarbin()' Heap Overflow. CVE-50589CVE-2008-5416CVE-2008-4270 . local exploit for Windows platform

Microsoft SQL Server - 'sp_replwritetovarbin()' Heap Overflow. CVE-50589CVE-2008-5416CVE-2008-4270 . local exploit for Windows platform

Maxum Rumpus is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, possibly with root privileges. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Rumpus 6.0.1 are vulnerable.

Maxum Rumpus FTP Server is prone to a remote denial-of-service vulnerability. This issue allows remote attackers to crash affected servers, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code within the context of the vulnerable application, but this has not been confirmed. Versions prior to Rumpus 6.0.1 are vulnerable.

DELTAScripts PHP Links 1.3 - Authentication Bypass. CVE-53672CVE-2008-6720 . webapps exploit for PHP platform

Cisco IOS and CatOS are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause affected devices to restart, effectively denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCsv05934 and CSCsv11741.

Net-SNMP is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue affects versions *prior to* the following: Net-SNMP 5.2.5.1 Net-SNMP 5.3.2.3 Net-SNMP 5.4.2.1

Hitachi JP1/File Transmission Server/FTP is prone to an unspecified denial-of-service vulnerability because it fails to properly handle unexpected data. Attackers can exploit this issue to cause the connection to be reset or to stop FTP services.

DATAC RealWin SCADA Server 2.0 - Remote Stack Buffer Overflow.. remote exploit for Windows platform