Exploits

Discover expert insights on the latest exploits, penetration testing tactics, and real-world vulnerabilities to strengthen your cybersecurity defenses.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

Articles Categorized as Exploits

  • OPENSSL v3.0.x: Critical Threat Alert
    RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x
    In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will likely be the scariest part of Halloween ’22.
    Read More
  • CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
    CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
    This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.
    Read More
  • CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
    CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
    Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).
    Read More
  • CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
    CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
    Matt Dunn discovers another ManageEngine Cross-Site Scripting vulnerability, this one in the Support Center Plus application.
    Read More
  • CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
    CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
    Raxis lead penetration tester Matt Dunn discovers an information leakage vulnerability in ManageEngine’s Asset Explorer CVE-2022-25245
    Read More
  • Exploiting Dirty Pipe (CVE-2022-0847)
    Exploiting Dirty Pipe (CVE-2022-0847)
    The Dirty Pipe vulnerability (CVE-2022-0847) allows any user to write to read-only files, including files that are owned by root, allowing privilege escalation.
    Read More