Vulnerability Management

Penetration Testing | Security Recommendations

Accepting Penetration Test Risks & How Compensating Controls Can Help
ByTim Semchenko December 17, 2024

Tim Semchenko discusses documenting acceptance of risks and implementing compensating controls as options when pentest findings cannot be fixed immediately.

Read More Accepting Penetration Test Risks & How Compensating Controls Can Help
Exploits

RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x
ByBrad Herring October 31, 2022

In the cyberworld, news of a critical vulnerability affecting OpenSSL versions 3.0 – 3.0.6 will likely be the scariest part of Halloween ’22.

Read More RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x
Exploits

CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
ByRaxis Research Team October 21, 2022July 28, 2025

This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor.

Read More CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
Exploits

CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
ByRaxis Research Team July 21, 2022July 28, 2025

Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777).

Read More CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
Exploits

CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
ByRaxis Research Team June 7, 2022September 5, 2025

Raxis lead penetration tester Matt Dunn discovers an information leakage vulnerability in ManageEngine’s Asset Explorer CVE-2022-25245

Read More CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
Exploits

CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
ByRaxis Research Team May 17, 2022July 28, 2025

Raxis’ Matt Dunn continues his prolific discovery of new CSS CVEs. This one affects ManageEngine AD SelfService Plus Stored Cross-Site Scripting.

Read More CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
Web Apps

What is Web App Pentesting? (Part Two)
ByRaxis Research Team March 4, 2022August 22, 2025

Lead penetration tester Matt Dunn continues his discussion about web application testing. In Part Two, Matt explains testing as an authenticated user vs. as an unauthenticated user.

Read More What is Web App Pentesting? (Part Two)
How To | Penetration Testing

How to Hire a Penetration Testing Firm – Part 1
ByBonnie Smyre February 25, 2022July 28, 2025

Raxis’ COO Bonnie Smyre offers some helpful hints about how to start the process of hiring a penetration testing company.

Read More How to Hire a Penetration Testing Firm – Part 1
Web Apps

What is Web Application Penetration Testing?
ByRaxis Research Team February 18, 2022June 3, 2025

Learn how Raxis approaches web application testing and how it differs from network penetration testing. Lead penetration tester Matt Dunn explains in this post.

Read More What is Web Application Penetration Testing?
Tips For Everyone

Entering the Metaverse: You are the Real Commodity
ByMark Puckett December 21, 2021

Raxis’ CEO Mark Puckett explains why we might not wake up in the metaverse tomorrow, but why we should be prepared as we move toward an even more digitized reality.

Read More Entering the Metaverse: You are the Real Commodity
How To | Security Recommendations

New Metasploit Module for Penetration Testing: Azure AD Login Scanner
ByRaxis Research Team November 23, 2021June 16, 2025

Raxis’ Matt Dunn has published another Metasploit module, this one describing a vulnerability in Azure’s Active Directory Seamless Single Sign-on. Learn more here.

Read More New Metasploit Module for Penetration Testing: Azure AD Login Scanner
Exploits | How To

Cross-Site Scripting (XSS): Filter Evasion and Sideloading
ByRaxis Research Team November 12, 2021June 3, 2025

In this second in a series, learn how to perform Cross-Site Scripting (XSS) attacks such as filter evasion and sideloading content.

Read More Cross-Site Scripting (XSS): Filter Evasion and Sideloading

Vulnerability Management

Accepting Penetration Test Risks & How Compensating Controls Can Help

RAXIS THREAT ALERT: VULNERABILITY IN OPENSSL v3.0.x

CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection

CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References

CVE-2022-25245: ManageEngine Asset Explorer Information Leakage

CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)

What is Web App Pentesting? (Part Two)

How to Hire a Penetration Testing Firm – Part 1

What is Web Application Penetration Testing?

Entering the Metaverse: You are the Real Commodity

New Metasploit Module for Penetration Testing: Azure AD Login Scanner

Cross-Site Scripting (XSS): Filter Evasion and Sideloading

About Raxis

Resources