Technical deep dives into security, engineering, and fuzzing.
This article contains a full breakdown of a stack-based buffer overflow vulnerability found in Sante PACS Server version before 4.2.0 (Credits: Tenable Research). The whole application is built on top of the C, meaning we will deal with full reverse engineering, IDA pseudocode, disassemblers and debugger shenanigans.
Comprehensive analysis of CVE-2025-2825, a critical authentication bypass vulnerability in CrushFTP. Technical deep dive into the root cause of the vulnerability, patch analysis and exploitation process.
In this post, we’ll delve into two vulnerabilities recently discovered in the HPE Insight Remote Support (IRS) application, versions prior to v7.14.0.629. These vulnerabilities—CVE-2024-53675 (unauthenticated XXE vulnerability) and CVE-2024-53676 (Remote Code Execution, or RCE vulnerability)—pose significant security risks, allowing unauthorized access and arbitrary code execution on vulnerable systems.
This blog provides an in-depth analysis of the exploitation process for an unauthenticated External XML Entity (XXE) vulnerability in Ivanti Endpoint Manager, identified as CVE-2024-37397.
This blog post contains a thorough analysis of Server Side Template Injection vulnerability identified in CrushFTP and identified as CVE-2024-4040, patch analysis and exploitation process explained.