Exploits
Blog Archive Category
The Exploit articles categorized as Exploits
-
CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
By Raxis Research Team Matt Dunn discovers another ManageEngine Cross-Site Scripting vulnerability, this one in the Support Center Plus application. July 6, 2022 -
CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
By Raxis Research Team Raxis lead penetration tester Matt Dunn discovers an information leakage vulnerability in ManageEngine’s Asset Explorer CVE-2022-25245 June 7, 2022 -
Exploiting Dirty Pipe (CVE-2022-0847)
By Andrew Trexler The Dirty Pipe vulnerability (CVE-2022-0847) allows any user to write to read-only files, including files that are owned by root, allowing privilege escalation. May 26, 2022 -
CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
By Raxis Research Team Raxis’ Matt Dunn continues his prolific discovery of new CSS CVEs. This one affects ManageEngine AD SelfService Plus Stored Cross-Site Scripting. May 17, 2022 -
Hackers See Opportunity Where You See Only a Button
By Brad Herring In this post, Raxis VP Brad Herring explains how web proxy tools can turn even simple buttons and check-boxes into avenues for an attack. April 1, 2022 -
Cross-Site Scripting (XSS): Filter Evasion and Sideloading
By Raxis Research Team In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content. November 12, 2021
