Blog

Responsible Vulnerability Disclosure CVE-2019-15510: ManageEngine DesktopCentral v 10 – Vulnerable to HTML Injection

INTRODUCTION

ManageEngine DesktopCentral is a Unified Endpoint Management (UEM) solution that helps manage servers, desktops, virtual machines, mobile phones, and tablets. Its features include Patch Management, Software Deployment, Remote Desktop Sharing, IT Asset Management, Desktop Configurations, Service Pack Installation, Active Directory Reports, User Administration, Mobile Device Management, and many more.

Responsible Vulnerability Disclosure CVE-2019-12954: SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) Vulnerable to Stored XSS

INTRODUCTION

NPM is a powerful network monitoring software that enables you to quickly detect, diagnose, and resolve network performance problems and outages. NPM uses to identify network elements. During Discovery, NPM scans the network for nodes, and when a node and associated elements are found, you can add them to the SolarWinds database for monitoring.

Responsible Vulnerability Disclosure CVE-2019-12863: Stored HTML Injection Vulnerability in SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4)

INTRODUCTION

SolarWinds® Network Performance Monitor (NPM) is a powerful and affordable network monitoring software that enables you to quickly detect, diagnose, and resolve network performance problems and outages. NPM is a multi-vendor network monitoring solution that scales and expands with the needs of your network. Key features include multi-vendor network monitoring, Network Insights for deeper visibility, intelligent maps, NetPath and PerfStack for easy troubleshooting, smarter scalability for large environments, and advanced alerting.

SSL Pinning Bypass via Frida

INTRODUCTION

SSL pinning makes the application trust only a valid, pre-defined certificate or public key. Application developers use SSL pinning as an additional security layer for application traffic. Normally, an application trusts custom certificates, which allows its traffic to be intercepted. With SSL pinning implemented, the application does not trust custom certificates and does not allow proxy tools to intercept the traffic.