Below is some of my published work. If you have any questions or want to get in contact with me, you can do so here. As a full-time student, this unfortunately is only a hobby for me.
Disclosed Vulnerabilities
CVE-2021-4031 - Syltek Insufficient Verification of Data Authenticity
Disclosure of a payment bypass vulnerability in Playtomic’s Syltek software, present in all versions before 10.22.00, where an attacker can forge a request and bypass the payment system by marking items as paid without any verification.
CVE-2022-42908 - Stored XSS in WEPA Print Away
Improper neutralization of uploaded filenames in WEPA Print Away led to a stored XSS that persisted across user sessions. The vulnerability was fixed by the WEPA security team.
CVE-2022-42909 - Improper Access Control in WEPA Print Away
WEPA Print Away did not verify that a user had authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don’t own and print them without authorization. The vulnerability was fixed by the WEPA security team.