Ulrich Bayer

35 exploits Active since Aug 2017
CVE-2025-41258 WRITEUP HIGH WRITEUP
LibreChat RAG API Authentication Bypass
LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.
CVSS 8.0
CVE-2026-33265 WRITEUP MEDIUM WRITEUP
LibreChat 0.8.1-rc2 - Auth Bypass
In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.
CVSS 6.3
CVE-2025-64999 WRITEUP MEDIUM WRITEUP
Checkmk 2.4.0-2.4.0p21/2.3.0-2.3.0p42 - XSS
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link.
CVSS 5.4
CVE-2015-5243 WRITEUP CRITICAL WRITEUP
phpWhois - RCE
phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.
CVSS 9.8
CVE-2015-8300 WRITEUP HIGH WRITEUP
Polycom BToE Connector <3.0.0 - Privilege Escalation
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.
CVSS 7.8
CVE-2018-13982 WRITEUP HIGH WRITEUP
Smarty < 3.1.33 - Path Traversal
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
CVSS 7.5
CVE-2018-17532 WRITEUP CRITICAL WRITEUP
Teltonika RUT9XX <00.04.233 - Command Injection
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
CVSS 9.8
CVE-2018-17533 WRITEUP MEDIUM WRITEUP
Teltonika RUT9XX <00.05.01.1 - XSS
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
CVSS 6.1
CVE-2018-17534 WRITEUP MEDIUM WRITEUP
Teltonika RUT9XX <00.04.233 - Privilege Escalation
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.
CVSS 6.8
CVE-2019-13564 WRITEUP MEDIUM WRITEUP
Ping Identity Agentless Integration Kit <1.5 - XSS
XSS exists in Ping Identity Agentless Integration Kit before 1.5.
CVSS 6.1
CVE-2019-16521 WRITEUP MEDIUM WRITEUP
WordPress Broken Link Checker <1.11.8 - XSS
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.
CVSS 6.1
CVE-2019-16522 WRITEUP MEDIUM WRITEUP
eu-cookie-law plugin <3.0.6 - XSS
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users.
CVSS 4.8
CVE-2019-16523 WRITEUP MEDIUM WRITEUP
Events Manager <5.9.5 - XSS
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
CVSS 5.4
CVE-2019-16524 WRITEUP MEDIUM WRITEUP
Easy FancyBox <1.8.18 - XSS
The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter.
CVSS 4.8
CVE-2020-14055 WRITEUP MEDIUM WRITEUP
Monstaftp Monsta FTP < 2.10.1 - XSS
Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding.
CVSS 6.1
CVE-2020-14056 WRITEUP CRITICAL WRITEUP
Monstaftp Monsta FTP < 2.10.1 - SSRF
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.
CVSS 9.8
CVE-2020-14057 WRITEUP CRITICAL WRITEUP
Monstaftp Monsta FTP < 2.10.1 - Remote Code Execution
Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.
CVSS 9.8
CVE-2020-36771 WRITEUP HIGH WRITEUP
CloudLinux CageFS <7.1.1-1 - Code Injection
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.
CVSS 7.8
CVE-2022-24129 WRITEUP HIGH WRITEUP
OIDC OP <3.0.4 - SSRF
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.
CVSS 8.2
CVE-2022-38335 WRITEUP MEDIUM WRITEUP
Vtiger CRM v7.4.0 - XSS
Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.
CVSS 5.4
CVE-2023-51059 WRITEUP HIGH WRITEUP
MOKOSmart MKGW1 BLE Gateway <1.1.1 - Privilege Escalation
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface.
CVSS 8.8
CVE-2024-13918 WRITEUP HIGH WRITEUP
Laravel Framework < 11.36.0 - XSS
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
CVSS 8.0
CVE-2024-13919 WRITEUP HIGH WRITEUP
Laravel Framework < 11.36.0 - XSS
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
CVSS 8.0
CVE-2024-41800 WRITEUP MEDIUM WRITEUP
Craftcms Craft Cms < 5.2.3 - Authentication Bypass
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.
CVSS 4.8
CVE-2024-5657 WRITEUP LOW WRITEUP
CraftCMS <3.3.3 - Info Disclosure
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.
CVSS 3.7