Welcome to PwnFuzz

Explore our comprehensive research platform with detailed technical analysis, exploit development guides, and cutting-edge security insights.

CVE 2025-2825 - CrushFTP Authentication Bypass Analysis

March 30, 2025 • D4mianWayne •10 min read

After the news made it’s way to my feeds, having worked on the CrushFTP’s CVE-2024-4040 vulnerability analysis, this sounded like a good thing to do over and maybe I could write …

Exploring Recent CVEs in HPE Insight Remote Support

January 8, 2025 • D4mianWayne •10 min read

In this post, we’ll delve into two critical vulnerabilities recently discovered in the HPE Insight Remote Support (IRS) application, versions prior to v7.14.0.629. These …

Tags: CVE-2024-53676 CVE-2024-53675 Java

CVE 2024-37397 - Ivanti Endpoint Manager XXE Vulnerability

November 24, 2024 • D4mianWayne •13 min read

This blog provides an in-depth analysis of the exploitation process for an unauthenticated XXE vulnerability in Ivanti Endpoint Manager, identified as CVE-2024-37397. Uncovering …

Tags: CVE-2024-37297 .NET OOB-XXE

CVE 2024-4040 - CrushFTP Server-Side Template Injection Vulnerability Analysis

May 9, 2024 • D4mianWayne •23 min read

This blog post contains a thorough analysis of Server Side Template Injection vulnerability in a commercial Managed File Transfer product named CrushFTP. Exploit script is …

Tags: cve-2024-4040 Java SSTI