About – devel0pment.de

Hi, my name is Stefan Schiller (@scryh_). I have been a computer enthusiasts since my early childhood. Nowadays my main focus of interest is security research.

Discovered Vulnerabilities

Here is a list of vulnerabilities I discovered in public software:

Software	Vulnerability	Impact	CVE	Reference
Overleaf	Argument Injection	Load Arbitrary Dictionary File	CVE-2024-45312	GitHub
Overleaf	Insecure Default Setting	RCE	CVE-2024-45313	GitHub
OpenAPI Generator	Unvalidated User Input	Arbitrary File Read / Delete	CVE-2024-35219	GitHub
Wyze Cam v3	Command Injection	Assisted RCE	CVE-2024-6247	ZDI-24-838
Joomla	Sanitizer Bypass (Cross-Site Scripting)	Assisted RCE	CVE-2024-21726	Blog
Firefly III	Cross-Site Scripting	Limited by CSP	CVE-2024-22075	B l og
Apache Allura (SourceForge)	Logical (Arbitrary File Read)	RCE	CVE-2023-46851	Blog
Squidex	Cross-Site Scripting	Assisted RCE	CVE-2023-46252	Blog
Squidex	Path Traversal	RCE	CVE-2023-46253	Blog
JetBrains TeamCity	Authentication Bypass	RCE	CVE-2023-42793	Blog
DOMSanitizer	Sanitizer Bypass (Cross-Site Scripting)	App Specific	CVE-2023-49146	Commit
Apache Guacamole	Use-After-Free	RCE	CVE-2023-30576	Patch Notes
Apache Guacamole	Guacamole Protocol Injection	Information Disclosure, File Read	CVE-2023-30575	Patch Notes
Apache OpenMeetings	Null-Byte Injection	RCE	CVE-2023-29246	Patch Notes
Apache OpenMeetings	Logical	Auth Bypass	CVE-2023-29032	Patch Notes
Apache OpenMeetings	Weak Hash Comparison	Auth Bypass	CVE-2023-28936	Patch Notes
OpenRefine	Zip Slip	Assisted RCE	CVE-2023-37476	GitHub
NETGEAR RAX30	Stack-based Buffer Overflow	RCE	CVE-2023-34285	ZDI-23-839
Pretalx	Path Traversal	Limited File Write	CVE-2023-28458	Blog
Pretalx	Path Traversal	Arbitrary File Read	CVE-2023-28459	Blog
Netdata	Command Injection	RCE	CVE-2023-22496	GitHub
Netdata	Logical	Auth Bypass	CVE-2023-22497	GitHub
OpenNMS	Unauthenticated, Stored XSS	Assisted RCE	CVE-2023-0846	GitHub
LibreNMS	Unauthenticated, Stored XSS	Assisted RCE	–	Blog, huntr.dev
Cacti	Logical, Command Injection	RCE	CVE-2022-46169	Blog, GitHub
NagVis	Type Juggling	Auth Bypass	CVE-2022-3979	Blog
NagVis	Arbitrary File Read	RCE chain	CVE-2022-46945	Blog
Checkmk	Code Injection	RCE chain	CVE-2022-46836	Blog, Patch Notes
Checkmk	Line Feed Injection	RCE chain	CVE-2022-47909	Blog, Patch Notes
Checkmk	Server-Side Request Forgery	RCE chain	CVE-2022-48321	Blog, Patch Notes
Open Web Analytics	Information Disclosure / Arbitrary File Write	RCE	CVE-2022-24637	Blog
mpv media player	Format String / Heap Overflow	Assisted RCE	CVE-2021-30145	Blog
TeamSpeak 3	Double-Free	DoS	–	Patch Notes
AnyDesk	Format String	RCE	CVE-2020-13160	Blog