VARIoT IoT exploits database

VAR-E-200303-0036 CVE-2002-1337
Sendmail 8.12.x - Header Processing Buffer Overflow (1) - Unix remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200303-0122
EDB ID: 22313
Sendmail 8.12.x - Header Processing Buffer Overflow (1). CVE-2002-1337 CVE-4502. remote exploit for Unix platform
VAR-E-200302-0118 No CVE
Axis Communications Video Server 2.x - 'Command.cgi' File Creation - CGI remote Exploit

EDB ID: 22311
Axis Communications Video Server 2.x - 'Command.cgi' File Creation. remote exploit for CGI platform
VAR-E-200302-0154 No CVE
Multiple Vendor Session Initiation Protocol Vulnerabilities

No EDB ID
The Oulu University Secure Programming Group has reported numerous vulnerabilities in Session Initiation Protocol (SIP) implementations. These issues may be exploited to cause a denial of service in devices that implement the protocol. It has also been reported that unauthorized access to devices may occur under some circumstances. These issues are related to the handling of SIP INVITE messages. Exploitation and the specific nature of each vulnerability may depend on the particular implementation.
VAR-E-200302-0065 CVE-2003-0100
Cisco IOS 11/12 - OSPF Neighbor Buffer Overflow - Hardware remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200303-0056
EDB ID: 22271
Cisco IOS 11/12 - OSPF Neighbor Buffer Overflow. CVE-2003-0100 CVE-6455. remote exploit for Hardware platform
VAR-E-200212-0151 No CVE
Axis Embedded Device Authentication Buffer Overflow Vulnerability

No EDB ID
Axis Network Cameras, Video Servers, and Network Digital Video Recorders contain an unchecked buffer in the authentication code of their embedded web server. Exploitation may result in a denial of service or potential execution of arbitrary code.
VAR-E-200212-0108 No CVE
Cisco OSM Line Cards Denial Of Service Vulnerability

No EDB ID
A vulnerability has been discovered in OSM Line Cards when installed in various Cisco devices. Cisco has reported that a denial of service may occur when processing an irregularly constructed network packet. Exploitation of this issue will cause the Cisco device to no longer forward legitimate packets. Precise technical details regarding this vulnerability are not yet known. This BID will be updated as further information becomes available.
VAR-E-200209-0086 No CVE
Cisco IP Phone 7960 Unsigned Content Weakness

No EDB ID
The Cisco IP Phone 7960 uses TFTP (Trivial File Transfer Protocol) to download firmware images and configuration files. TFTP does not provide authentication. Firmware images are not signed, so there is no way for a client to determine that firmware is authentic. Firmware images with a higher version number are trusted by the vulnerable devices and will be retrieved and installed automatically when the devices are booted. This process is done transparently, without any user interaction. If the attacker can compromise the TFTP server, then it is possible to cause malicious firmware to be installed in vulnerable devices. It is also possible to exploit this weakness if the attacker has control over a server which appears to the device to be the authentic TFTP server. It is also theoretically possible for an attacker to substitute a malicious configuration file by exploiting this weakness.
VAR-E-200206-0117 No CVE
Cisco SSH Denial of Service Vulnerability

No EDB ID
While addressing vulnerabilities described in http://www.cisco.com/warp/public/707/SSH-multiple-pub.html, a denial of service condition has been inadvertently introduced into firmware upgrades. Firmware for routers and switches (IOS), Catalyst 6000 switches running CatOS, Cisco PIX Firewall and Cisco 11000 Content Service Switch devices may be vulnerable. Cisco has reported that scanning for SSH vulnerabilities on affected devices will cause excessive CPU consumption. The condition is due to a failure of the Cisco SSH implementation to properly process large SSH packets. Repeated and concurrent attacks may result in a denial of device service. As many of these devices are critical infrastructure components, more serious network outages may occur. Cisco has released upgrades that will eliminate this vulnerability.
VAR-E-200202-0006 CVE-2002-0013, CVE-2002-0012, CVE-1999-1570
Cisco IOS 11/12 - SNMP Message Denial of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200202-0006, VAR-200205-0149, VAR-200202-0007
EDB ID: 21296
Cisco IOS 11/12 - SNMP Message Denial of Service. CVE-2002-0013 CVE-3664. dos exploit for Hardware platform
VAR-E-200201-0108 CVE-2002-0033
Solaris 2/7/8/9 cachefsd - Remote Heap Overflow - Solaris remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200205-0137
EDB ID: 21437
Solaris 2/7/8/9 cachefsd - Remote Heap Overflow. CVE-2002-0033 CVE-779. remote exploit for Solaris platform
VAR-E-200107-0050 CVE-2001-0554
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Remote Buffer Overflow - Unix remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200108-0064
EDB ID: 21018
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Remote Buffer Overflow. CVE-2001-0554 CVE-809. remote exploit for Unix platform
VAR-E-200106-0064 CVE-2001-0706
Rumpus FTP Server 1.3.x/2.0.3 - Stack Overflow Denial of Service - OSX dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200109-0069
EDB ID: 20922
Rumpus FTP Server 1.3.x/2.0.3 - Stack Overflow Denial of Service. CVE-2001-0706 CVE-1865. dos exploit for OSX platform
VAR-E-200105-0080 No CVE
Rumpus FTP Server Plaintext Password Vulnerability

No EDB ID
Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections. Passwords are stored in plaintext format in the prefs folder. If access to the prefs folder is not restricted then a remote user may view the plaintext password file and access any user account on the server.
VAR-E-200105-0081 CVE-2001-0646
Maxum Rumpus FTP Server 1.3.2/1.3.4/2.0.3 dev - Remote Denial of Service - OSX dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200109-0058
EDB ID: 20845
Maxum Rumpus FTP Server 1.3.2/1.3.4/2.0.3 dev - Remote Denial of Service. CVE-2001-0646 CVE-1823. dos exploit for OSX platform
VAR-E-200105-0108 CVE-2001-0566
Cisco Catalyst 2900 12.0 - '5.2'XU SNMP Empty UDP Packet Denial of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200108-0076
EDB ID: 20824
Cisco Catalyst 2900 12.0 - '5.2'XU SNMP Empty UDP Packet Denial of Service. CVE-2001-0566 CVE-56278. dos exploit for Hardware platform
VAR-E-200104-0100 No CVE
Cisco Catalyst 802.1x Frame Forwarding Vulnerability

No EDB ID
The Catalyst Switch is a high performance, low cost switch distributed by Cisco Systems. It is designed to offer scalability, ease of use, and modular configuration for maximum flexibility. A problem with the 5000 and 2900 series switches could make it possible to deny service to legitimate users of network resources. When an 802.1x frame is sent to a switch with a Spanning Tree Protocol blocked port, the frame is forwarded on through the VLAN managed by the switch. This causes a storm of 802.1x frames. A remote user can therefore create an 802.1x frame storm on the VLAN segment managed by the Catalyst Switch, affecting performance and potentially creating a denial of service.
VAR-E-200104-0050 CVE-2001-0414
NTPd - Remote Buffer Overflow - Linux remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200106-0170
EDB ID: 20727
NTPd - Remote Buffer Overflow. CVE-2001-0414 CVE-805. remote exploit for Linux platform
VAR-E-200102-0016 CVE-2001-0144
SSH 1.2.x - CRC-32 Compensation Attack Detector - Unix remote Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200103-0055
EDB ID: 20617
SSH 1.2.x - CRC-32 Compensation Attack Detector. CVE-2001-0144 CVE-795. remote exploit for Unix platform
VAR-E-200102-0124 No CVE
PKCS #1 Version 1.5 Session Key Retrieval Vulnerability

No EDB ID
The data encryption techniques described in RSA's PKCS #1 standard are used in many protocols which rely, at least in part, on the security provided by public-key cryptography systems. Several protocols which implement the digital enveloping method described in version 1.5 of the PKCS #1 standard are susceptible to an adaptive ciphertext attack which may allow the recovery of session keys, thus compromising the integrity of the data transmitted during that session. By capturing and logging the packets transmitted between a client and a server, an opponent could make use of a captured encrypted session key to launch a Bleichenbacher attack together with a simple timing attack. If the session key is successfully decrypted, the saved packets can easily be decrypted in a uniform manner. Interactive key establishment protocols, such as SSH or SSL, are generally significantly more susceptible to successful attacks.
VAR-E-200012-0073 CVE-2001-0080
Cisco Catalyst 4000/5000/6000 6.1 - SSH Protocol Mismatch Denial of Service - Hardware dos Exploit

Related entries in the VARIoT vulnerabilities database: VAR-200102-0052
EDB ID: 20509
Cisco Catalyst 4000/5000/6000 6.1 - SSH Protocol Mismatch Denial of Service. CVE-2001-0080 CVE-7183. dos exploit for Hardware platform