The Exploit

Notes from the Front Lines of Penetration Testing

Raxis Administrator

  • CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
    CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

    By

    Raxis Administrator
    This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.
    Read More
  • CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
    CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References

    By

    Raxis Administrator
    Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).
    Read More
  • CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
    CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)

    By

    Raxis Administrator
    Matt Dunn discovers another ManageEngine Cross-Site Scripting vulnerability, this one in the Support Center Plus application.
    Read More
  • Members of the Pensacola Catholic High School “Crubotics” team with their ROV.
    Raxis Supports Pensacola ROV Team

    By

    Raxis Administrator
    Raxis is proud to sponsor the Pensacola Catholic High School “Crubotics” robotics team. Its members will compete in June 2022’s World Championships in Long Beach, California. The event is part the MATE ROV competioton
    Read More
  • CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
    CVE-2022-25245: ManageEngine Asset Explorer Information Leakage

    By

    Raxis Administrator
    Raxis lead penetration tester Matt Dunn discovers an information leakage vulnerability in ManageEngine’s Asset Explorer CVE-2022-25245
    Read More
  • CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
    CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)

    By

    Raxis Administrator
    Raxis’ Matt Dunn continues his prolific discovery of new CSS CVEs. This one affects ManageEngine AD SelfService Plus Stored Cross-Site Scripting.
    Read More
  • Simultaneous Sessions
    Why We Take Simultaneous Sessions Seriously on Penetration Tests

    By

    Raxis Administrator
    Raxis Lead Penetration Tester Matt Dunn explains why you simultaneous sessions is a significant finding on a penetration test.
    Read More
  • Jim McClellan
    Jim McClellan, Marketing Director

    By

    Raxis Administrator
    Raxis’ new marketing director, Jim McClellan, talks about the unusual career path that led from consultant to full-time team member.
    Read More
  • Web App Testing: Part Two
    What is Web App Pentesting? (Part Two)

    By

    Raxis Administrator
    Lead penetration tester Matt Dunn continues his discussion about web application testing. In Part Two, Matt explains testing as an authenticated user vs. as an unauthenticated user.
    Read More
  • Web App Testing: Part One
    What is Web Application Penetration Testing?

    By

    Raxis Administrator
    Learn how Raxis approaches web application testing and how it differs from network penetration testing. Lead penetration tester Matt Dunn explains in this post.
    Read More
  • Matt Dunn Mathur
    Reporting Tools for Large Penetration Tests

    By

    Raxis Administrator
    Raxis lead penetration tester Matt Dunn has developed three new tools to make it easier to compile and present findings from large penetration tests.
    Read More
  • Mark Fabian
    Mark Fabian, Senior Penetration Tester

    By

    Raxis Administrator
    Mark Fabian worked his way up through the IT career field before arriving at his dream job as an ethical hacker.
    Read More