Gabriel Ferreira de Menezes - Security Researcher

CVE-2024-46479 WRITEUP CRITICAL WRITEUP

Venki Supravizio Bpm < 18.0.1 - Unrestricted File Upload

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.

CVSS 9.9

View Code

CVE-2024-46480 WRITEUP HIGH WRITEUP

Venki Supravizio Bpm < 18.0.1 - Insufficiently Protected Credentials

An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.

CVSS 8.4

View Code

CVE-2024-46481 WRITEUP HIGH WRITEUP

Venki Supravizio Bpm < 18.1.1 - Open Redirect

The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.

CVSS 7.2

View Code

CVE-2024-55196 WRITEUP HIGH WRITEUP

Gophish - Cleartext Storage

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.

CVSS 7.5

View Code