Christian Mehlmauer

31 exploits Active since Jul 2009
CVE-2025-34123 METASPLOIT HIGH ruby WORKING POC
VideoCharge Studio 2.12.3.685 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue occurs due to improper handling of user-supplied data in the XML 'Name' attribute, leading to an SEH overwrite condition. An attacker can exploit this vulnerability by convincing a user to open a malicious .VSC file, resulting in arbitrary code execution under the context of the user.
EIP-2026-118056 EXPLOITDB ruby WORKING POC
VideoCharge Studio - Local Buffer Overflow (SEH) (Metasploit)
CVE-2011-4885 EXPLOITDB python WORKING POC
PHP < 5.3.9 - Denial of Service via Hash Collision in Form Parameter Handling
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2013-2010 EXPLOITDB CRITICAL ruby WORKING POC
W3 Total Cache < 0.9.2.8 - Remote PHP Code Execution
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
CVSS 9.8
CVE-2014-4725 EXPLOITDB ruby WORKING POC
MailPoet Newsletters <2.6.7 - Auth Bypass
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
CVE-2014-8598 EXPLOITDB ruby WORKING POC
MantisBT < 1.2.17 - Unauthenticated Arbitrary File Upload and Information Disclosure via XML Import/Export Plugin
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.