Research Blog

CVE 2024-4040 - CrushFTP Server-Side Template Injection Vulnerability Analysis

2024-05-09

This blog post contains a thorough analysis of a Server-Side Template Injection vulnerability in a commercial Managed File Transfer product named CrushFTP. An exploit script is available. The post covers the vulnerability, exploitation, and the underlying custom templating engine that led to the issue, with code and analysis.

D4mianwayne
cve-2024-4040, Java, SSTI, +1

CVE 2025-2825 - CrushFTP Authentication Bypass Analysis

2025-03-30

This post analyzes the authentication bypass vulnerability in CrushFTP, including patch diffing, code analysis, and exploit methodology. It details the affected versions, the patch, and the logic flaw that allowed unauthenticated access, with code snippets and a step-by-step breakdown.

D4mianwayne
CVE-2025-2825, Java, auth-bypass, +1

Exploring Recent CVEs in HPE Insight Remote Support

2025-01-08

This post explores two critical vulnerabilities in HPE Insight Remote Support: an unauthenticated XXE and a remote code execution flaw. It covers the technical details and exploitation process, and provides proof-of-concept code and analysis for both vulnerabilities.

D4mianwayne
CVE-2024-53676, CVE-2024-53675, Java, +3

CVE-2024-37397 - Ivanti Endpoint Manager XXE Vulnerability

2024-11-24

This post provides an in-depth analysis of the exploitation process for an unauthenticated XXE vulnerability in Ivanti Endpoint Manager. It covers the technical background, vulnerable code, and exploitation steps, with a focus on the XML parsing logic.

D4mianwayne
CVE-2024-37397, XXE, Java, +1