Christian Mehlmauer

26 exploits Active since Jul 2009
CVE-2018-7600 NOMISEC CRITICAL WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
72 stars
CVSS 9.8
CVE-2014-8598 METASPLOIT ruby WORKING POC
MantisBT 1.2.x - Info Disclosure
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.
CVE-2015-8562 METASPLOIT ruby WORKING POC
Joomla! <3.4.6 - Code Injection
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
CVE-2014-7146 EXPLOITDB ruby WORKING POC
MantisBT <1.2.17 - RCE
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
CVE-2011-4858 WRITEUP WORKING POC
Apache Tomcat < 5.5.35 - Resource Management Error
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-5034 WRITEUP WORKING POC
Apache Geronimo < 2.2.1 - Improper Input Validation
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
CVE-2014-5266 METASPLOIT ruby WORKING POC
Wordpress < 3.9.1 - Resource Management Error
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
CVE-2025-34120 METASPLOIT HIGH ruby WORKING POC
LimeSurvey <2.06+ Build 151014 - Info Disclosure
An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint (`index.php/admin/update/sa/backup`), allowing attackers to specify arbitrary file paths using a crafted `datasupdateinfo` payload. The files are packaged in a ZIP archive and made available for download without authentication. This vulnerability can be exploited to read arbitrary files on the host system, including sensitive OS and configuration files.
CVE-2011-4885 METASPLOIT ruby WORKING POC
Php < 5.3.8 - Improper Input Validation
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2015-0235 METASPLOIT ruby SCANNER
Exim GHOST (glibc gethostbyname) Buffer Overflow
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
CVE-2014-0160 METASPLOIT HIGH ruby WORKING POC
OpenSSL <1.0.1g - Info Disclosure
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVSS 7.5
CVE-2013-0235 METASPLOIT ruby SCANNER
Wordpress < 3.5.0 - SSRF
The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.
CVE-2009-2335 METASPLOIT ruby WORKING POC
WordPress <2.8.1 - Info Disclosure
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
CVE-2013-2010 METASPLOIT CRITICAL ruby WORKING POC
Automattic WP Super Cache < 1.2 - Injection
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
CVSS 9.8
CVE-2014-4725 METASPLOIT ruby WORKING POC
MailPoet Newsletters <2.6.7 - Auth Bypass
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
CVE-2011-3923 METASPLOIT CRITICAL ruby WORKING POC
Apache Struts <2.3.1.2 - Command Injection
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
CVSS 9.8
CVE-2015-10143 METASPLOIT CRITICAL ruby WORKING POC
Platform theme <1.4.4 - Privilege Escalation
The Platform theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the *_ajax_save_options() function in all versions up to 1.4.4 (exclusive). This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS 9.8
CVE-2015-6835 METASPLOIT CRITICAL ruby WORKING POC
Joomla HTTP Header Unauthenticated Remote Code Execution
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.
CVSS 9.8
CVE-2014-7146 METASPLOIT ruby WORKING POC
MantisBT <1.2.17 - RCE
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
CVE-2014-3704 METASPLOIT ruby WORKING POC
Drupal < 7.32 - SQL Injection
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
CVE-2025-34123 METASPLOIT HIGH ruby WORKING POC
VideoCharge Studio 2.12.3.685 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue occurs due to improper handling of user-supplied data in the XML 'Name' attribute, leading to an SEH overwrite condition. An attacker can exploit this vulnerability by convincing a user to open a malicious .VSC file, resulting in arbitrary code execution under the context of the user.
EIP-2026-118056 EXPLOITDB ruby WORKING POC
VideoCharge Studio - Local Buffer Overflow (SEH) (Metasploit)
CVE-2011-4885 EXPLOITDB python WORKING POC
Php < 5.3.8 - Improper Input Validation
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2013-2010 EXPLOITDB CRITICAL ruby WORKING POC
Automattic WP Super Cache < 1.2 - Injection
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
CVSS 9.8
CVE-2014-4725 EXPLOITDB ruby WORKING POC
MailPoet Newsletters <2.6.7 - Auth Bypass
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.