n00b3r
nhienit2010/README.md

Nhien Pham (@nhienit)

Profile

Work Experiences

  • Security Engineer @ Galaxy One (1.2023 - Now)
  • Security Engineer @ Techlab Corporation (1.2022 - 12.2022)

Education

  • Member of KCSC (KMA Cyber Security Club) @ Vietnam Academy of Cryptography Techniques
  • Information Security Student @ Vietnam Academy of Cryptography Techniques (2018 - 2023)

Certifications

Publications

  • Technical write-up about SQL Injection leads to Remote Code Execution (RCE) on ManageEngine ADAudit Plus
  • Authored a technical write-up on CVE-2024-5443 (Remote Code Execution) published on the Huntr Blog

Awards

  • 2026 MSRC Q1 Leaderboard
  • 2025 Adobe Researcher Hall of Fame
  • 2024 Informatica Security Researcher Hall of Fame
  • 2024 LG Electronics Vulnerability Report & Reward
  • 2023 Zoho Corp Hacker Board Hall of Fame
  • 2023 Huntr Q2 Top 1 Leaderboard Monthly
  • 2022 ASEAN Student Contest on Information Security Contest (ASCIS) by VNISA - Finalist
  • 2021 ASEAN Student Contest on Information Security Contest (ASCIS) by VNISA - Second Prize

Vulnerability Disclosure

2026

  • Updating ...
  • CVE-2026-40417: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
  • CVE-2026-21672: Veeam Backup & Replication Local Privilege Escalation Vulnerability
  • CVE-2026-21666: Veeam Backup & Replication Remote Code Execution Vulnerability

2025

  • CVE-2025-54261: Adobe ColdFusion Arbitrary File Write Remote Code Execution Vulnerability
  • CVE-2025-61823: Adobe ColdFusion Authenticated Blind XML External Entity Injection Vulnerability
  • CVE-2025-61812: Adobe ColdFusion Arbitrary File Write Remote Code Execution Vulnerability
  • CVE-2025-61822: Adobe ColdFusion Path Traversal Arbitrary File Deletion Vulnerability
  • CVE-2025-49538: Adobe ColdFusion Authentication Bypass XML External Entity Injection Vulnerability
  • CVE-2025-50213: Apache Airflow Providers Snowflake SQL Injection Vulnerability

2024

  • CVE-2024-45498: Apache Airflow Authenticated Command Injection Remote Code Execution Vulnerability
  • CVE-2024-21791: ME ADAudit Plus Authenticated SQL Injection Remote Code Execution Vulnerability
  • CVE-2024-36518: ME ADAudit Plus Authenticated SQL Injection Remote Code Execution Vulnerability
  • CVE-2024-5487: ME ADAudit Plus Authenticated SQL Injection Remote Code Execution Vulnerability
  • CVE-2024-5527: ME ADAudit Plus Authenticated SQL Injection Remote Code Execution Vulnerability
  • CVE-2024-27310: ME ADSelfService Plus Unauthenticated LDAP Injection Denial-of-Service Vulnerability
  • CVE-2024-5443: LoLLMs Unauthenticated Path Traversal Remote Code Execution Vulnerability
  • CVE-2024-2359: LoLLMs Code Execution Remote Code Execution Vulnerability
  • CVE-2024-2362: LoLLMs Arbitrary File Deletion Vulnerability
  • CVE-2024-2548: LoLLMs Path Traversal Local File Read Vulnerability
  • CVE-2024-4322: LoLLMs Path Traversal Information Disclosure Vulnerability
  • CVE-2024-4881: LoLLMs Path Traversal Local File Read Vulnerability
  • CVE-2024-1699: PaddlePaddle Command Injection Remote Code Execution Vulnerability

2023

  • CVE-2023-48792: ME ADAudit Plus Authenticated SQL Injection Remote Code Execution Vulnerability
  • CVE-2023-48793: ME ADAudit Plus Authenticated SQL Injection Remote Code Execution Vulnerability
  • CVE-2023-49335: ME ADAudit Plus Authenticated SQL Injection Remote Code Execution Vulnerability
  • CVE-2023-3491: FossBilling Arbitrary File Upload Remote Code Execution Vulnerability
  • CVE-2023-3490: FossBilling Pre-authentication SQL Injection Vulnerability
  • CVE-2023-3026: Draw.io Cross-Site Scripting Vulnerability
  • CVE-2023-29770: Sentrifugo Arbitrary File Upload Remote Code Execution Vulnerability
  • CVE-2023-29769: Sentrifugo Pre-authentication SQL Injection Authentication Bypass Vulnerability

Pinned

  1. ctf-tools (Public)

    Forked from truongkma/ctf-tools

    Collection of CTF tools

    Perl

  2. CTF_Writeup (Public)

    Write-ups for some CTF challenges

    Python 2 2

  3. Web-CTF-Cheatsheet (Public)

    Forked from w181496/Web-CTF-Cheatsheet

    Web CTF CheatSheet 🐈

    Ruby 1

  4. ysoserial (Public)

    Forked from frohoff/ysoserial

    A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

    Java 1

  5. WebProject (Public)

    JavaScript

  6. My-CTF-Challenge (Public)

    CTF challenges by me

    CSS 9 1