Aljosha Judmayer

39 exploits Active since Aug 2017
CVE-2015-8299 NOMISEC CRITICAL WORKING POC
KNX ETS 4.1.5 Build 3246 - Remote Code Execution via Crafted KNXnet/IP UDP Packet
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.
CVSS 9.8
CVE-2015-8299 WRITEUP CRITICAL WORKING POC
KNX ETS 4.1.5 Build 3246 - Remote Code Execution via Crafted KNXnet/IP UDP Packet
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.
CVSS 9.8
CVE-2025-41258 WRITEUP HIGH WRITEUP
LibreChat RAG API Authentication Bypass
LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.
CVSS 8.0
CVE-2026-33265 WRITEUP MEDIUM WRITEUP
LibreChat 0.8.1-rc2 - Authenticated JWT Scope Expansion to RAG API
In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.
CVSS 6.3
CVE-2025-64999 WRITEUP MEDIUM WRITEUP
Checkmk 2.4.0-2.4.0p21/2.3.0-2.3.0p42 - XSS
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link.
CVSS 5.4
CVE-2025-41257 WRITEUP MEDIUM WORKING POC
Suprema BioStar 2 2.9.11.6 - Auth Bypass
Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.
CVSS 4.8
CVE-2015-5243 WRITEUP CRITICAL WRITEUP
phpwhois < 4.2.2 - Remote Code Execution via Crafted Whois Record
phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.
CVSS 9.8
CVE-2018-13982 WRITEUP HIGH WRITEUP
Smarty < 3.1.33 - Path Traversal via Trusted Resource Directory Bypass
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
CVSS 7.5
CVE-2018-17532 WRITEUP CRITICAL WRITEUP
Teltonika RUT9XX <00.04.233 - Command Injection
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
CVSS 9.8
CVE-2018-17533 WRITEUP MEDIUM WRITEUP
Teltonika RUT9XX Firmware < 00.05.01.1 - Reflected Cross-Site Scripting via hotspotlogin.cgi
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
CVSS 6.1
CVE-2018-17534 WRITEUP MEDIUM WRITEUP
Teltonika RUT9XX <00.04.233 - Privilege Escalation
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.
CVSS 6.8
CVE-2019-13564 WRITEUP MEDIUM WRITEUP
Ping Identity Agentless Integration Kit <1.5 - XSS
XSS exists in Ping Identity Agentless Integration Kit before 1.5.
CVSS 6.1
CVE-2019-16520 WRITEUP MEDIUM WORKING POC
All in One SEO Pack < 3.2.7 - Stored Cross-Site Scripting via SEO Description Placeholder
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
CVSS 5.4
CVE-2019-16521 WRITEUP MEDIUM WRITEUP
WordPress Broken Link Checker <1.11.8 - XSS
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.
CVSS 6.1
CVE-2019-16522 WRITEUP MEDIUM WRITEUP
EU Cookie Law < 3.0.6 - Authenticated Stored Cross-Site Scripting via Configuration Options
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users.
CVSS 4.8
CVE-2019-16523 WRITEUP MEDIUM WRITEUP
Events Manager < 5.9.5 - Stored Cross-Site Scripting via Shortcode Map Style Attribute
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
CVSS 5.4
CVE-2019-16524 WRITEUP MEDIUM WRITEUP
Easy FancyBox < 1.8.18 - Stored Cross-Site Scripting in Settings Menu
The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter.
CVSS 4.8
CVE-2020-14055 WRITEUP MEDIUM WRITEUP
Monsta FTP < 2.10.1 - Stored Cross-Site Scripting in Language Setting
Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding.
CVSS 6.1
CVE-2020-14056 WRITEUP CRITICAL WRITEUP
Monsta FTP < 2.10.1 - Server-Side Request Forgery via Web Fetch Functionality
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.
CVSS 9.8
CVE-2020-14057 WRITEUP CRITICAL WRITEUP
Monsta FTP < 2.10.1 - Arbitrary File Read and Write via Path Traversal
Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.
CVSS 9.8
CVE-2020-36771 WRITEUP HIGH WRITEUP
CloudLinux CageFS <7.1.1-1 - Code Injection
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.
CVSS 7.8
CVE-2020-36772 WRITEUP MEDIUM WORKING POC
CloudLinux CageFS <7.0.8.2 - Info Disclosure
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
CVSS 4.4
CVE-2022-24129 WRITEUP HIGH WRITEUP
Shibboleth oidc_op < 3.0.4 - Server-Side Request Forgery via request_uri Parameter
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.
CVSS 8.2
CVE-2022-38335 WRITEUP MEDIUM WRITEUP
vtiger CRM < 7.4.0 - Stored Cross-Site Scripting via Email Template Modules
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
CVSS 5.4
CVE-2023-51059 WRITEUP HIGH WRITEUP
MOKOSmart MKGW1 BLE Gateway <1.1.1 - Privilege Escalation
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface.
CVSS 8.8