Several months ago, whilst on a client engagement, I identified a number of zerodays in an enterprise asset management application called EasyInstall. This gave me, among other things, elevation of privilege on managed assets, a wealth of information for recon, and – most interestingly – unauthenticated remote secure wipe of any asset.
The blog on these vulnerabilities has been published on my employers website at https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue