Log4 Exploit Walkthrough
Log4j: How to Exploit and Test this Critical Vulnerability

Raxis demonstrates how to obtain a remote shell on a target system using a Log4j[…]

OPENSSL v3.0.x: Critical Threat Alert
RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x

In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will[…]

CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

This CSS vulnerability, discovered by Raxis lead penetration tester Matt Mathur, lies in a device’s[…]

CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References

Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).

CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)

Matt Dunn discovers another ManageEngine vulnerability, this one in the Support Center Plus application.

CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
CVE-2022-25245: ManageEngine Asset Explorer Information Leakage

Raxis lead penetration tester Matt Dunn discovers an information leakage vulnerability in ManageEngine’s Asset Explorer

Exploiting Dirty Pipe (CVE-2022-0847)
Exploiting Dirty Pipe (CVE-2022-0847)

The Dirty Pipe vulnerability (CVE-2022-0847) allows any user to write to read-only files, including files[…]

CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)

Raxis lead penetration tester Matt Dunn continues his prolific discovery of new cross-site scripting CVEs.[…]

Submit Button
Hackers See Opportunity Where You See Only a Button

In this post, Raxis VP Brad Herring explains how web proxy tools can turn even[…]

Cross-Site Scripting: Filter Evasion & Sideloading Payloads
Cross-Site Scripting (XSS): Filter Evasion and Sideloading

In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such[…]

2021 OWASP Top 10
OWASP Top 10: Broken Access Control

In this blog post, Raxis lead penetration tester Mark Fabian discusses broken access control and[…]

2021 OWASP Top 10
2021 OWASP Top 10 Focus: Injection Attacks

The latest draft of the OWASP Top 10 has been released. Though injection is now[…]