🛡️ Capgemini CIS - Cybersecurity Italy Red Team CVE Repository 🛡️

Welcome to the repository of Vulnerability Notes (CVEs) published by the Capgemini Italy Red Team! In this repository, we share information about vulnerabilities discovered and analyzed by our cybersecurity team.
We have more than 50 vulnerabilities currently under responsible disclosure programs, all waiting to be disclosed. Stay tuned for more!

📋 List of CVEs

Here you will find a list of CVEs published by our team:

Remote Command Execution in TimeKeeper v. 8.0.17-8.0.27

• CVE-2023-31465
• Proof of Concept (PoC)

Stored Cross-Site Scripting in TimeKeeper v. 8.0.17-8.0.27

• CVE-2023-31466
• Proof of Concept (PoC)

Reflected Cross-Site Scripting in AudimexEE v.15.0

• CVE-2023-39558
• Proof of Concept (PoC)

Full Path Disclosure in AudimexEE v15.0

• CVE-2023-39559
• Proof of Concept (PoC)

XML External Entity injection in RealGimm by GruppoSCAI

• CVE-2023-41635
• Proof of Concept (PoC)

SQL injection in RealGimm by GruppoSCAI

• CVE-2023-41636
• Proof of Concept (PoC)

Stored cross-site scripting in RealGimm by GruppoSCAI

• CVE-2023-41637
• Proof of Concept (PoC)

RCE via Unrestricted file upload in RealGimm by GruppoSCAI

• CVE-2023-41638
• Proof of Concept (PoC)

Information disclosure in RealGimm by GruppoSCAI

• CVE-2023-41640
• Proof of Concept (PoC)

Reflected cross-site scripting in RealGimm by GruppoSCAI

• CVE-2023-41642
• Proof of Concept (PoC)

Reflected cross-site scripting on ServiceNow

• CVE-2023-1298
• Proof of Concept (PoC)

Reflected cross-site scripting on ServiceNow

• CVE-2023-1209
• Proof of Concept (PoC)

📞 Contact

To contact the Capgemini Italy Red Team, you can email us at cisredteam.it@capgemini.com.

Thank you for your interest in our cybersecurity work! We hope this repository can be valuable to the community. 🚀