Hosein Askari (FarazPajohan)

5 exploits Active since Feb 2017
CVE-2017-7938 EXPLOITDB MEDIUM text WORKING POC
DMitry 1.3a - Stack-based Buffer Overflow via Long Argument
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.
CVSS 6.6
CVE-2017-9430 EXPLOITDB CRITICAL text WORKING POC
dnstracer < 1.9 - Stack-based Buffer Overflow via Long Command Line Argument
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.
CVSS 9.8
CVE-2017-5972 EXPLOITDB HIGH c WORKING POC
Linux Kernel 3.0.0-3.19.8 - Denial of Service via TCP SYN Flood
The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.
CVSS 7.5
CVE-2018-10070 EXPLOITDB HIGH text WORKING POC
MikroTik Router Firmware 6.41.4 - Unauthenticated Denial of Service via Malformed FTP Request
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message.
CVSS 7.5
CVE-2017-6444 EXPLOITDB HIGH c WORKING POC
MikroTik RouterOS 6.25 - Denial of Service via Unsolicited TCP ACK Packets
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation.
CVSS 7.5