About

Hi, my name is Stefan Schiller (@scryh_). I have been a computer enthusiasts since my early childhood. Nowadays my main focus of interest is security research.

Discovered Vulnerabilities

Here is a list of vulnerabilities I discovered in public software:

Software	Vulnerability	Impact	CVE	Reference
Guacamole	Use-After-Free	RCE	CVE-2023-30576	Patch Notes
Guacamole	Guacamole Protocol Injection	Information Disclosure, File Read	CVE-2023-30575	Patch Notes
OpenMeetings	Null-Byte Injection	RCE	CVE-2023-29246	Patch Notes
OpenMeetings	Logical	Auth Bypass	CVE-2023-29032	Patch Notes
OpenMeetings	Weak Hash Comparison	Auth Bypass	CVE-2023-28936	Patch Notes
OpenRefine	Zip Slip	Assisted RCE	CVE-2023-37476	GitHub
NETGEAR RAX30	Stack-based Buffer Overflow	RCE	CVE-2023-34285	ZDI-23-839
Pretalx	Path Traversal	Limited File Write	CVE-2023-28458	Blog
Pretalx	Path Traversal	Arbitrary File Read	CVE-2023-28459	Blog
Netdata	Command Injection	RCE	CVE-2023-22496	GitHub
Netdata	Logical	Auth Bypass	CVE-2023-22497	GitHub
OpenNMS	Unauthenticated, Stored XSS	Assisted RCE	CVE-2023-0846	GitHub
LibreNMS	Unauthenticated, Stored XSS	Assisted RCE	–	Blog, huntr.dev
Cacti	Logical, Command Injection	RCE	CVE-2022-46169	Blog, GitHub
NagVis	Type Juggling	Auth Bypass	CVE-2022-3979	Blog
NagVis	Arbitrary File Read	RCE chain	CVE-2022-46945	Blog
Checkmk	Code Injection	RCE chain	CVE-2022-46836	Blog, Patch Notes
Checkmk	Line Feed Injection	RCE chain	CVE-2022-47909	Blog, Patch Notes
Checkmk	Server-Side Request Forgery	RCE chain	CVE-2022-48321	Blog, Patch Notes
Open Web Analytics	Information Disclosure / Arbitrary File Write	RCE	CVE-2022-24637	Blog
mpv media player	Format String / Heap Overflow	Assisted RCE	CVE-2021-30145	Blog
TeamSpeak 3	Double-Free	DoS	–	Patch Notes
AnyDesk	Format String	RCE	CVE-2020-13160	Blog