Ulrich Bayer

35 exploits Active since Aug 2017
CVE-2024-5658 WRITEUP MEDIUM WRITEUP
born05/two-factor_authentication < 3.3.4 - Improper Authentication via TOTP Token Reuse
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.
CVSS 4.8
CVE-2024-5676 WRITEUP MEDIUM WRITEUP
Paradox IP150 Internet Module <1.40.00 - CSRF
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system.
CVSS 6.8
CVE-2025-32919 WRITEUP HIGH WRITEUP
Checkmk 2.1.0-2.4.0 - Privilege Escalation via Insecure Temporary Directory
Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL).
CVSS 7.8
CVE-2025-39663 WRITEUP HIGH WRITEUP
Checkmk < 2.4.0p14, 2.3.0p39, 2.2.0, 2.1.0 - Cross-Site Scripting via Service Output Injection
Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. Affecting Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 (eol).
CVSS 8.4
CVE-2025-39664 WRITEUP MEDIUM WRITEUP
Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 - Authenticated Path Traversal in Report Scheduler
Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory.
CVSS 6.5
CVE-2025-41255 WRITEUP HIGH WRITEUP
Cyberduck <9.1.6 - Mountain Duck <4.17.5 - Info Disclosure
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.
CVSS 8.0
CVE-2025-41256 WRITEUP HIGH WRITEUP
Cyberduck <9.1.6 - Mountain Duck <4.17.5 - TLS Pinning Weakness
Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.
CVSS 7.4
CVE-2025-52901 WRITEUP MEDIUM WRITEUP
File Browser <2.33.9 - Info Disclosure
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to anyone having access to the URLs accessed by the user. This will give an attacker full access to a user's account and, in consequence, to all sensitive files the user has access to. This issue has been patched in version 2.33.9.
CVSS 4.5
CVE-2025-52996 WRITEUP LOW WRITEUP
File Browser <2.32.0 - Info Disclosure
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file through a direct download link. This link can either be shared unknowingly by a user or discovered from various locations such as the browser history or the log of a proxy server used. At time of publication, no known patched versions are available.
CVSS 3.1
CVE-2025-52997 WRITEUP MEDIUM WRITEUP
File Browser <2.34.1 - Info Disclosure
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a brute-force attack to retrieve the passwords of all accounts in a given instance. This issue has been patched in version 2.34.1.
CVSS 5.9