Skip to content
Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Cloud, VPC, and Internal Networks
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us
Contact Raxis Login
Raxis
Contact RaxisIcon Link to Contact Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
      • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Cloud, VPC, and Internal Networks
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
      • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us

The Exploit

Raxis Cybersecurity Insights From the Frontlines

  • CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
    Exploits

    CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References

    ByRaxis Research Team July 21, 2022July 28, 2025

    Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).

    Read More CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object ReferencesContinue

  • CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
    Exploits

    CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)

    ByRaxis Research Team July 6, 2022July 28, 2025

    Matt Dunn discovers another ManageEngine Cross-Site Scripting vulnerability, this one in the Support Center Plus application.

    Read More CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)Continue

  • Simultaneous Sessions
    Security Recommendations

    Why We Take Simultaneous Sessions Seriously on Penetration Tests

    ByRaxis Research Team April 8, 2022September 5, 2025

    Raxis Lead Penetration Tester Matt Dunn explains why you simultaneous sessions is a significant finding on a penetration test.

    Read More Why We Take Simultaneous Sessions Seriously on Penetration TestsContinue

  • Web App Testing: Part Two
    Web Apps

    What is Web App Pentesting? (Part Two)

    ByRaxis Research Team March 4, 2022August 22, 2025

    Lead penetration tester Matt Dunn continues his discussion about web application testing. In Part Two, Matt explains testing as an authenticated user vs. as an unauthenticated user.

    Read More What is Web App Pentesting? (Part Two)Continue

  • Web App Testing: Part One
    Web Apps

    What is Web Application Penetration Testing?

    ByRaxis Research Team February 18, 2022June 3, 2025

    Learn how Raxis approaches web application testing and how it differs from network penetration testing. Lead penetration tester Matt Dunn explains in this post.

    Read More What is Web Application Penetration Testing?Continue

  • Matt Dunn Mathur
    How To | Penetration Testing

    Reporting Tools for Large Penetration Tests

    ByRaxis Research Team February 11, 2022

    Raxis lead penetration tester Matt Dunn has developed three new tools to make it easier to compile and present findings from large penetration tests.

    Read More Reporting Tools for Large Penetration TestsContinue

  • Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
    Patching | Security Recommendations

    Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156

    ByRaxis Research Team September 17, 2021

    Nagios is open-source network and system monitoring software. Raxis’ Matt Dunn has discovered a cross-site scripting vulnerability that could leave users open to attack.

    Read More Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156Continue

  • PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
    Patching | Security Recommendations

    PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)

    ByRaxis Research Team August 20, 2021July 28, 2025

    Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor (CVE-2021-29643). Read more here.

    Read More PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)Continue

  • Unescaped JavaScript Tags
    Exploits

    ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)

    ByRaxis Research Team June 11, 2021July 28, 2025

    Raxis’ Lead Penetration Tester Matt Dunn discovers another cross-site scripting vulnerability in Zoho’s MangeEngine Key Manager Plus (CVE-2021-28382).

    Read More ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)Continue

  • Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)
    Exploits

    Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)

    ByRaxis Research Team May 20, 2021July 26, 2025

    Raxis lead penetration tester Matt Dunn has uncovered a new cross-site scripting vulnerability in Manage Engine AD Self Service Plus (CVE-2021-27956). Find out more here.

    Read More Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)Continue

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

Contact us online

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Partners, Apply Here

Resources

  • The Exploit
  • Transporter Remote Pentest
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube