{"id":2665,"date":"2023-07-18T18:19:44","date_gmt":"2023-07-18T18:19:44","guid":{"rendered":"https:\/\/devel0pment.de\/?page_id=2665"},"modified":"2024-10-10T06:51:21","modified_gmt":"2024-10-10T06:51:21","slug":"about","status":"publish","type":"page","link":"https:\/\/devel0pment.de\/?page_id=2665","title":{"rendered":"About"},"content":{"rendered":"\n

Hi, my name is Stefan Schiller (@scryh_<\/a>). I have been a computer enthusiasts since my early childhood. Nowadays my main focus of interest is security research.<\/p>\n\n\n\n

Discovered Vulnerabilities<\/h2>\n\n\n\n

Here is a list of vulnerabilities I discovered in public software:<\/p>\n\n\n\n

Software<\/strong><\/td>Vulnerability<\/strong><\/td>Impact<\/strong><\/td>CVE<\/strong><\/td>Reference <\/strong><\/td><\/tr>
Overleaf<\/td>Argument Injection<\/td>Load Arbitrary Dictionary File<\/td>CVE-2024-45312<\/td>GitHub<\/a><\/td><\/tr>
Overleaf<\/td>Insecure Default Setting<\/td>RCE<\/td>CVE-2024-45313<\/td>GitHub<\/a><\/td><\/tr>
OpenAPI Generator<\/td>Unvalidated User Input<\/td>Arbitrary File Read \/ Delete<\/td>CVE-2024-35219<\/td>GitHub<\/a><\/td><\/tr>
Wyze Cam v3<\/td>Command Injection<\/td>Assisted RCE<\/td>CVE-2024-6247<\/td>ZDI-24-838<\/a><\/td><\/tr>
Joomla<\/td>Sanitizer Bypass (Cross-Site Scripting)<\/td>Assisted RCE<\/td>CVE-2024-21726<\/td>Blog<\/a><\/td><\/tr>
Firefly III<\/td>Cross-Site Scripting<\/td>Limited by CSP<\/td>CVE-2024-22075<\/td>B<\/a>l<\/a>og<\/a><\/td><\/tr>
Apache Allura (SourceForge)<\/td>Logical (Arbitrary File Read)<\/td>RCE<\/td>CVE-2023-46851<\/td>Blog<\/a><\/td><\/tr>
Squidex<\/td>Cross-Site Scripting<\/td>Assisted RCE<\/td>CVE-2023-46252<\/td>Blog<\/a><\/td><\/tr>
Squidex<\/td>Path Traversal<\/td>RCE<\/td>CVE-2023-46253<\/td>Blog<\/a><\/td><\/tr>
JetBrains TeamCity<\/td>Authentication Bypass<\/td>RCE<\/td>CVE-2023-42793<\/td>Blog<\/a><\/td><\/tr>
DOMSanitizer<\/td>Sanitizer Bypass (Cross-Site Scripting)<\/td>App Specific<\/td>CVE-2023-49146<\/td>Commit<\/a><\/td><\/tr>
Apache Guacamole<\/td>Use-After-Free<\/td>RCE<\/td>CVE-2023-30576<\/td>Patch Notes<\/a><\/td><\/tr>
Apache Guacamole<\/td>Guacamole Protocol Injection<\/td>Information Disclosure, File Read<\/td>CVE-2023-30575<\/td>Patch Notes<\/a><\/td><\/tr>
Apache OpenMeetings<\/td>Null-Byte Injection<\/td>RCE<\/td>CVE-2023-29246<\/td>Patch Notes<\/a><\/td><\/tr>
Apache OpenMeetings<\/td>Logical<\/td>Auth Bypass<\/td>CVE-2023-29032<\/td>Patch Notes<\/a><\/td><\/tr>
Apache OpenMeetings<\/td>Weak Hash Comparison<\/td>Auth Bypass<\/td>CVE-2023-28936<\/td>Patch Notes<\/a><\/td><\/tr>
OpenRefine<\/td>Zip Slip<\/td>Assisted RCE<\/td>CVE-2023-37476<\/td>GitHub<\/a><\/td><\/tr>
NETGEAR RAX30<\/td>Stack-based Buffer Overflow<\/td>RCE<\/td>CVE-2023-34285<\/td>ZDI-23-839<\/a><\/td><\/tr>
Pretalx<\/td>Path Traversal<\/td>Limited File Write<\/td>CVE-2023-28458<\/td>Blog<\/a><\/td><\/tr>
Pretalx<\/td>Path Traversal<\/td>Arbitrary File Read<\/td>CVE-2023-28459<\/td>Blog<\/a><\/td><\/tr>
Netdata<\/td>Command Injection<\/td>RCE<\/td>CVE-2023-22496<\/td>GitHub<\/a><\/td><\/tr>
Netdata<\/td>Logical<\/td>Auth Bypass<\/td>CVE-2023-22497<\/td>GitHub<\/a><\/td><\/tr>
OpenNMS<\/td>Unauthenticated, Stored XSS<\/td>Assisted RCE<\/td>CVE-2023-0846<\/td>GitHub<\/a><\/td><\/tr>
LibreNMS<\/td>Unauthenticated, Stored XSS<\/td>Assisted RCE<\/td>–<\/td>Blog<\/a>, huntr.dev<\/a><\/td><\/tr>
Cacti<\/td>Logical, Command Injection<\/td>RCE<\/td>CVE-2022-46169<\/td>Blog<\/a>, GitHub<\/a><\/td><\/tr>
NagVis<\/td>Type Juggling<\/td>Auth Bypass<\/td>CVE-2022-3979<\/td>Blog<\/a><\/td><\/tr>
NagVis<\/td>Arbitrary File Read<\/td>RCE chain<\/td>CVE-2022-46945<\/td>Blog<\/a><\/td><\/tr>
Checkmk<\/td>Code Injection<\/td>RCE chain<\/td>CVE-2022-46836<\/td>Blog<\/a>, Patch Notes<\/a><\/td><\/tr>
Checkmk<\/td>Line Feed Injection<\/td>RCE chain<\/td>CVE-2022-47909<\/td>Blog<\/a>, Patch Notes<\/a><\/td><\/tr>
Checkmk<\/td>Server-Side Request Forgery<\/td>RCE chain<\/td>CVE-2022-48321<\/td>Blog<\/a>, Patch Notes<\/a><\/td><\/tr>
Open Web Analytics<\/td>Information Disclosure \/ Arbitrary File Write<\/td>RCE<\/td>CVE-2022-24637<\/td>Blog<\/a><\/td><\/tr>
mpv media player<\/td>Format String \/ Heap Overflow<\/td>Assisted RCE<\/td>CVE-2021-30145<\/td>Blog<\/a><\/td><\/tr>
TeamSpeak 3<\/td>Double-Free<\/td>DoS<\/td>–<\/td>Patch Notes<\/a><\/td><\/tr>
AnyDesk<\/td>Format String<\/td>RCE<\/td>CVE-2020-13160<\/td>Blog<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"

Hi, my name is Stefan Schiller (@scryh_). I have been a computer enthusiasts since my early childhood. Nowadays my main focus of interest is security research. Discovered Vulnerabilities Here is a list of vulnerabilities I discovered in public software: Software Vulnerability Impact CVE Reference Overleaf Argument Injection Load Arbitrary Dictionary File CVE-2024-45312 GitHub Overleaf Insecure … <\/p>\n

Continue reading “About”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-2665","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/devel0pment.de\/index.php?rest_route=\/wp\/v2\/pages\/2665"}],"collection":[{"href":"https:\/\/devel0pment.de\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/devel0pment.de\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/devel0pment.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/devel0pment.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2665"}],"version-history":[{"count":15,"href":"https:\/\/devel0pment.de\/index.php?rest_route=\/wp\/v2\/pages\/2665\/revisions"}],"predecessor-version":[{"id":2690,"href":"https:\/\/devel0pment.de\/index.php?rest_route=\/wp\/v2\/pages\/2665\/revisions\/2690"}],"wp:attachment":[{"href":"https:\/\/devel0pment.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2665"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}