Responsible Vulnerability Disclosure CVE-2019-15510: ManageEngine DesktopCentral v 10 – Vulnerable to HTML Injection


ManageEngine DesktopCentral is a Unified Endpoint Management (UEM) solution that helps manage servers, desktops, virtual machines, mobile phones, and tablets. Its features include Patch Management, Software Deployment, Remote Desktop Sharing, IT Asset Management, Desktop Configurations, Service Pack Installation, Active Directory Reports, User Administration, Mobile Device Management and many more.

Cross-Origin Resource Sharing (CORS) Exploit/ How to exploit CORS


CORS (Cross-Origin Resource Sharing) provides a mechanism to purposefully share resources with domains outside the original domain, in a controlled manner. If the CORS policy is not strongly implemented or enforced, it may lead to cross-domain attacks, such as leaking sensitive information (credentials, API keys, etc.) to an outside domain.

Responsible Vulnerability Disclosure CVE-2019-12954 SolarWinds Network Performance Monitor Orion platform-2018 npm 12-3 netpath 1-1-3 vulnerable to stored XSS


NPM is a powerful network monitoring software that enables you to quickly detect, diagnose, and resolve network performance problems and outages. NPM uses Discovery to identify network elements. During Discovery, NPM scans the network for nodes, and when a node and associated elements are found, you can add them to the SolarWinds database for monitoring.

Responsible Vulnerability Disclosure CVE-2019-12863: Stored HTML Injection vulnerability in SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4)


SolarWinds® Network Performance Monitor (NPM) is a powerful and affordable network monitoring software that enables you to quickly detect, diagnose, and resolve network performance problems and outages. NPM is a multi-vendor network monitoring solution that scales and expands with the needs of your network. Key features include multi-vendor network monitoring, Network Insights for deeper visibility, intelligent maps, NetPath and PerfStack for easy troubleshooting, smarter scalability for large environments, and advanced alerting.

SSL Pinning Bypass via Frida


SSL pinning makes the application trust only a valid, pre-defined certificate or public key. Application developers use SSL pinning as an additional security layer for application traffic. Normally, an application trusts custom certificates, which allows its traffic to be intercepted. With SSL pinning implemented, the application does not trust custom certificates and does not allow proxy tools to intercept the traffic.

Core impact training

Core Impact Training eSec Forte provides training for corporate and Industry ...