Code injection

The HTTP API supported by Starry Station aka Starry Router allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the devi...

CVE-2017-13718

The CVE-2017-13718 entry concerns Starry Station (Starry Router) and its HTTP API, where an attacker can brute-force the user PIN to alter Wi‑Fi settings, PINs, port forwards, and expose internal ports via the Internet. The root cause appears to be an API surface (rodman Python module) that allow...

Cyberoam General Authentication Client 2.1.2.7 - (Server Address) Denial of Service Exploit

Exploit Title: Cyberoam General Authentication Client 2.1.2.7 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/Cyberoam%20General%20Authentication%20Client%202.1.2.7.zip Tested...

Cyberoam Transparent Authentication Suite 2.1.2.5 - (NetBIOS Name) Denial of Service Exploit

Exploit Title: Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/CTAS%202.1.2.5%20Release.zip Tested Version: 2.1.2....

Cyberoam General Authentication Client 2.1.2.7 Server Address Denial Of Service

Exploit Title: Cyberoam General Authentication Client 2.1.2.7 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-23 Vendor Homepage: https://www.cyberoam.com Software Link:...

Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)

Exploit Title: Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-23 Vendor Homepage: https://www.cyberoam.com Software Link:...

TapinRadio 2.11.6 - (Address) Denial of Service Exploit

Exploit Title: TapinRadio 2.11.6 - 'Address' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.11.6 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the cras...

TapinRadio 2.11.6 - (Uername) Denial of Service Exploit

Exploit Title: TapinRadio 2.11.6 - 'Uername' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.11.6 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the cras...

RarmaRadio 2.72.3 - Server Denial of Service (PoC)

RarmaRadio 2.72.3 - Server Denial of Service PoC Exploit Title: RarmaRadio 2.72.3 - 'Server' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-21 Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/rarmaradiosetup.exe Tested Version:...

TapinRadio 2.11.6 Denial Of Service

Exploit Title: TapinRadio 2.11.6 - 'Address' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-21 Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.11.6 Tested on: Windows 7 Service Pack 1 x6...

RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)

Exploit Title: RarmaRadio 2.72.3 - 'Server' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-21 Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/rarmaradiosetup.exe Tested Version: 2.72.3 Tested on: Windows 7 Service Pack 1 x64...

RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)

Exploit Title: RarmaRadio 2.72.3 - 'Username' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-21 Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/rarmaradiosetup.exe Tested Version: 2.72.3 Tested on: Windows 7 Service Pack 1 x64...

TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)

Exploit Title: TapinRadio 2.11.6 - 'Address' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-21 Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.11.6 Tested on: Windows 7 Service Pack 1 x6...

Deluge 1.3.15 - Webseeds Denial of Service (PoC)

Deluge 1.3.15 - Webseeds Denial of Service PoC Exploit Title: Deluge 1.3.15 - 'Webseeds' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-20 Vendor Homepage: https://dev.deluge-torrent.org/ Software Link:...

Deluge 1.3.15 - (URL) Denial of Service Exploit

Exploit Title: Deluge 1.3.15 - 'URL' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://dev.deluge-torrent.org/ Software Link: http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe Tested Version: 1.3.15 Tested on: Windows 7 Service Pack 1 x64 Steps t...

Deluge 1.3.15 - (Webseeds) Denial of Service Exploit

Exploit Title: Deluge 1.3.15 - 'Webseeds' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://dev.deluge-torrent.org/ Software Link: http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe Tested Version: 1.3.15 Tested on: Windows 7 Service Pack 1 x64...

Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)

Exploit Title: Deluge 1.3.15 - 'Webseeds' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-20 Vendor Homepage: https://dev.deluge-torrent.org/ Software Link: http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe Tested Version: 1.3.15 Tested on:...

BulletProof FTP Server 2019.0.0.50 - Storage-Path Denial of Service (PoC)

BulletProof FTP Server 2019.0.0.50 - Storage-Path Denial of Service PoC Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link:...

BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service (PoC)

Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested...

Axessh 4.2 - (Log file name) Denial of Service Exploit

Exploit Title: Axessh 4.2 'Log file name' - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.labf.com Software Link: http://www.labf.com/download/axessh.exe Tested Version: 4.2 Tested on: Windows 7 Service Pack 1 x32 Steps to produce the crash: 1.- Run python code:...