During my journey through the cyberspace (yes!), I stumbled upon some vulnerabilities in different software. And because I like to document those vulnerabilities in a clean and complete manner, I also register CVE numbers and create write-ups to disclose them to the world and make them known security vulnerabilities.

While I’m really happy that I was able to identify some vulnerabilities, I don’t belong to the persons using those numbers like trophies. Please see this table as a part of clean documentation and disclosure.

Product(s) Details
nzbget Authenticated Remote Code Execution in nzbget [writeup]:
  • CVE-2023-49102: Authenticated Remote Code Execution [goto]
N.V.K. Inter Co., LTD., iBSG v3.5 Three Vulnerabilities in iBSG 3.5 [writeup]:
  • CVE-2023-39809: Critical misconfiguration [goto]
  • CVE-2023-39808: Authorized Remote Code Execution [goto]
  • CVE-2023-39807: Unauthorized SQL injection [goto]
TINC GmbH, Mailcow Remote Code Execution in Mailcow [writeup]:
  • CVE-2021-29257: Conditional Remote Code Execution as root [goto]
Abus KG, various cameras Five Vulnerabilities in ABUS cameras [writeup]:
  • CVE-2018-17879: Unauthorized Remote Code Execution via OS injection [goto]
  • CVE-2018-17878: Unauthorized Remote Code Execution via multiple Buffer Overflows [goto]
  • CVE-2018-17559: Authentication Bypass [goto]
  • CVE-2018-17558: Remote Code Execution via hardcoded administrator [goto]
  • CVE-2018-16739: Unauthorized Remote Code Execution through arbitrary file read/write [goto]