Articles Categorized as Exploits
-
CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)Raxis’ Matt Dunn continues his prolific discovery of new CSS CVEs. This one affects ManageEngine AD SelfService Plus Stored Cross-Site Scripting. -
Hackers See Opportunity Where You See Only a ButtonIn this post, Raxis VP Brad Herring explains how web proxy tools can turn even simple buttons and check-boxes into avenues for an attack. -
Cross-Site Scripting (XSS): Filter Evasion and SideloadingIn this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content. -
OWASP Top 10: Broken Access ControlIn this blog post, Raxis lead penetration tester Mark Fabian discusses broken access control and why it’s the most prevalent issue among the OWASP Top 10. -
2021 OWASP Top 10 Focus: Injection Attacks for Penetration TestingThe latest draft of the OWASP Top 10 has been released. Though injection is #3, Raxis’ Matt Dun explains why that doesn’t mean the threat is any less severe. -
ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)Raxis’ Lead Penetration Tester Matt Dunn discovers another cross-site scripting vulnerability in Zoho’s MangeEngine Key Manager Plus (CVE-2021-28382).
