Gabriel Ferreira de Menezes

7 exploits. Active since Dec 2024.
CVE-2024-46479 WRITEUP CRITICAL
Venki Supravizio BPM <= 18.0.1 - Authenticated Arbitrary File Upload and Remote Code Execution
Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.
CVSS 9.9
CVE-2024-46480 WRITEUP HIGH
Venki Supravizio BPM < 18.0.1 - Authenticated NTLM Hash Leak
An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.
CVSS 8.4
CVE-2024-46481 WRITEUP HIGH
Venki Supravizio BPM < 18.1.1 - Open Redirect and Reflected Cross-Site Scripting
The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.
CVSS 7.2
CVE-2024-46479 WRITEUP CRITICAL
Venki Supravizio BPM <= 18.0.1 - Authenticated Arbitrary File Upload and Remote Code Execution
Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.
CVSS 9.9
CVE-2024-46480 WRITEUP HIGH
Venki Supravizio BPM < 18.0.1 - Authenticated NTLM Hash Leak
An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.
CVSS 8.4
CVE-2024-46481 WRITEUP HIGH
Venki Supravizio BPM < 18.1.1 - Open Redirect and Reflected Cross-Site Scripting
The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.
CVSS 7.2
CVE-2024-55196 WRITEUP HIGH
gophish v0.12.1 - Cleartext Storage of Sensitive Information in Mail Server Configuration
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.
CVSS 7.5