Recent Posts
CVE 2025-2825 - CrushFTP Authentication Bypass Analysis
·2033 words·10 mins
After the news made its way to my feeds, having worked on the CrushFTP CVE-2024-4040 vulnerability analysis, this sounded like a good thing to do over and maybe I could write the exploit before anyone else, but unfortunately the Project Discovery guys beat me to it.
Exploring Recent CVEs in HPE Insight Remote Support
·1952 words·10 mins
In this post, we’ll delve into two critical vulnerabilities recently discovered in the HPE Insight Remote Support (IRS) application, versions prior to v7.14.0.629. These vulnerabilities—CVE-2024-53675 (unauthenticated XXE vulnerability) and CVE-2024-53676 (Remote Code Execution, or RCE vulnerability)—pose significant security risks, allowing unauthorized access and arbitrary code execution on vulnerable systems.
CVE 2024-37397 - Ivanti Endpoint Manager XXE Vulnerability
·2762 words·13 mins
This blog provides an in-depth analysis of the exploitation process for an unauthenticated XXE vulnerability in Ivanti Endpoint Manager, identified as CVE-2024-37397.
Uncovering the ImportXml Vulnerability
This vulnerability was identified by 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044 and detailed in the ZDI advisory, which provided key information about the affected component.