Research Blog

The Cryptographic Blind Spot: Sante PACS Server's Decryption Overflow Unveiled

2025-07-21

This article contains a full breakdown of a stack-based buffer overflow vulnerability found in Sante PACS Server versions before 4.2.0 (Credits: Tenable Research). The whole application is written in C, meaning we will deal with full reverse engineering, IDA pseudocode, disassemblers and debugger shenanigans.

D4mianWayne
CVE-2025-2263, Buffer Overflow

CVE-2024-37397 - Ivanti Endpoint Manager XXE Vulnerability

2024-11-24

This blog provides an in-depth analysis of the exploitation process for an unauthenticated XML External Entity (XXE) vulnerability in Ivanti Endpoint Manager, identified as CVE-2024-37397.

D4mianWayne
CVE-2024-37297, .NET, OOB-XXE

Exploring Recent CVEs in HPE Insight Remote Support

2025-01-08

In this post, we’ll delve into two vulnerabilities recently discovered in the HPE Insight Remote Support (IRS) application, versions prior to v7.14.0.629. These vulnerabilities—CVE-2024-53675 (unauthenticated XXE vulnerability) and CVE-2024-53676 (Remote Code Execution, or RCE vulnerability)—pose significant security risks, allowing unauthorized access and arbitrary code execution on vulnerable systems.

D4mianWayne
CVE-2024-53676, CVE-2024-53675, Java

CVE-2025-2825 - CrushFTP Authentication Bypass Analysis

2025-03-30

Comprehensive analysis of CVE-2025-2825, a critical authentication bypass vulnerability in CrushFTP. Technical deep dive into the root cause of the vulnerability, patch analysis and exploitation process.

D4mianWayne
CVE-2025-2825, Java, auth-bypass

CVE-2024-4040 - CrushFTP Server-Side Template Injection Vulnerability Analysis

2024-05-09

This blog post contains a thorough analysis of the Server-Side Template Injection vulnerability found in CrushFTP and identified as CVE-2024-4040, covering the patch analysis and the exploitation process.

D4mianWayne
cve-2024-4040, Java, SSTI