VARIoT IoT exploits database

VAR-E-200809-0948 | CVE-2008-3801 CVE-2008-3800 CVE-2008-3802 CVE-2008-3799 | Cisco IOS SIP Multiple Denial of Service Vulnerabilities | Related entries in the VARIoT vulnerabilities database: VAR-200809-0022, VAR-200809-0023, VAR-200809-0036, VAR-200809-0021 | No EDB ID |
Devices running Cisco IOS with SIP enabled are prone to multiple denial-of-service vulnerabilities.
These issues are tracked by the following Cisco bug IDs and CVEs:
CSCse56800 (CVE-2008-3799)
CSCsg91306 (CVE-2008-3800)
CSCsl62609 (CVE-2008-3801)
CSCsk42759 (CVE-2008-3802)
An attacker can exploit these issues to deny service to legitimate users.
VAR-E-200809-0862 | CVE-2008-3809 CVE-2008-3808 | Cisco IOS Protocol Independent Multicast (PIM) Multiple Denial of Service Vulnerabilities | Related entries in the VARIoT vulnerabilities database: VAR-200809-0363, VAR-200809-0042 | No EDB ID |
Cisco IOS is prone to multiple remote denial-of-service vulnerabilities because the software fails to properly handle malformed network datagrams.
Successfully exploiting these issues allows remote attackers to cause targeted devices to reload. Multiple exploits can lead to a sustained denial-of-service.
These issues are tracked by Cisco Bug IDs CSCsd95616 and CSCsl34355.
VAR-E-200809-0949 | No CVE | Multiple SAGEM F@st Routers DHCP Hostname HTML Injection Vulnerability | No EDB ID |
Multiple SAGEM F@st routers are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied input data.
Attacker-supplied HTML and script code would run in the context of the web interface of the affected device, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
The issue affects SAGEM F@st routers 1200, 1240, 1400, 1400W, 1500, 1500-WG, and 2404.
VAR-E-200809-0699 | CVE-2008-6465 | Parallels H-Sphere 3.0/3.1 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities - PHP webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200903-0100 | EDB ID: 32396 |
Parallels H-Sphere 3.0/3.1 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities. webapps exploit for PHP platform
VAR-E-200809-0317 | CVE-2008-4128 | Cisco Router - HTTP Administration Cross-Site Request Forgery / Command Execution (1) - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200809-0053 | EDB ID: 6476 |
Cisco Router - HTTP Administration Cross-Site Request Forgery / Command Execution (1). CVE-2008-4128. remote exploit for Hardware platform
VAR-E-200809-0315 | CVE-2008-4128 | Cisco 871 Integrated Services Router - Cross-Site Request Forgery (1) - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200809-0053 | EDB ID: 32390 |
Cisco 871 Integrated Services Router - Cross-Site Request Forgery (1). remote exploit for Hardware platform
VAR-E-200809-0316 | CVE-2008-4128 | Cisco 871 Integrated Services Router - Cross-Site Request Forgery (2) - Hardware remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200809-0053 | EDB ID: 32391 |
Cisco 871 Integrated Services Router - Cross-Site Request Forgery (2). remote exploit for Hardware platform
VAR-E-200809-0194 | No CVE | Cisco Router - HTTP Administration Cross-Site Request Forgery / Command Execution (2) - Hardware remote Exploit | EDB ID: 6477 |
Cisco Router - HTTP Administration Cross-Site Request Forgery / Command Execution (2). remote exploit for Hardware platform
VAR-E-200809-0779 | No CVE | Sagem F@st 2404 Router 'wancfg.cmd' Denial of Service Vulnerability | No EDB ID |
Sagem F@st 2404 is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause the affected device to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
VAR-E-200809-0435 | CVE-2008-6764 CVE-2008-3101 | Silentum LoginSys 1.0 - Multiple Cross-Site Scripting Vulnerabilities - PHP webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200809-0406 | EDB ID: 32337 |
Silentum LoginSys 1.0 - Multiple Cross-Site Scripting Vulnerabilities. CVE-2008-6764 CVE-47940. webapps exploit for PHP platform
VAR-E-200809-0436 | CVE-2008-3101 | vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities - PHP webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200809-0406 | EDB ID: 32307 |
vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities. CVE-2008-3101 CVE-47865. webapps exploit for PHP platform
VAR-E-200808-0002 | No CVE | ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution | EDB ID: 13298 |
VAR-E-200808-0268 | CVE-2008-2370 | Apache Tomcat 6.0.16 - 'RequestDispatcher' Information Disclosure - Multiple remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200808-0011 | EDB ID: 32137 |
Apache Tomcat 6.0.16 - 'RequestDispatcher' Information Disclosure. CVE-2008-2370 CVE-47463. remote exploit for Multiple platform
VAR-E-200807-0001 | CVE-2010-0437 CVE-2012-0053 CVE-2011-3368 | Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' Null Pointer Dereference Denial of Service - Linux dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038 | EDB ID: 33635 |
Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' Null Pointer Dereference Denial of Service. CVE-2010-0437 CVE-63146. dos exploit for Linux platform
VAR-E-200807-0889 | CVE-2010-0437 CVE-2012-0053 CVE-2011-3368 | Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' Null Pointer Dereference Denial of Service - Linux dos Exploit | Related entries in the VARIoT vulnerabilities database: VAR-201110-0291, VAR-201201-0038 | EDB ID: 33635 |
Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' Null Pointer Dereference Denial of Service. CVE-2010-0437 CVE-63146. dos exploit for Linux platform
VAR-E-200806-0107 | CVE-2008-2639 | CitectSCADA ODBC Server - Remote Stack Buffer Overflow (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200806-0031 | EDB ID: 6387 |
CitectSCADA ODBC Server - Remote Stack Buffer Overflow (Metasploit). CVE-46105 CVE-2008-2639. remote exploit for Windows platform
VAR-E-200806-0108 | CVE-2008-2639 | CitectSCADA/CitectFacilities ODBC - Remote Buffer Overflow (Metasploit) - Windows remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200806-0031 | EDB ID: 16380 |
CitectSCADA/CitectFacilities ODBC - Remote Buffer Overflow (Metasploit). CVE-2008-2639 CVE-46105. remote exploit for Windows platform
VAR-E-200806-0300 | CVE-2008-0960 | SNMPv3 - HMAC Validation error Remote Authentication Bypass - Multiple remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200806-0575 | EDB ID: 5790 |
SNMPv3 - HMAC Validation error Remote Authentication Bypass. CVE-2008-0960 CVE-98737 CVE-55442 CVE-55248 CVE-46669 CVE-46276 CVE-46102 CVE-46088 CVE-46086 CVE-46060 CVE-46059. remote exploit for Multiple platform
VAR-E-200805-0249 | CVE-2008-2421 | SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting - Java webapps Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200805-0065 | EDB ID: 31816 |
SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting. CVE-2008-2421 CVE-45649. webapps exploit for Java platform
VAR-E-200805-0130 | CVE-2008-2167 | ZyWALL 100 HTTP Referer Header - Cross-Site Scripting - Multiple remote Exploit | Related entries in the VARIoT vulnerabilities database: VAR-200805-0357 | EDB ID: 31757 |
ZyWALL 100 HTTP Referer Header - Cross-Site Scripting. CVE-2008-2167 CVE-45044. remote exploit for Multiple platform