Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5340 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries). | |||||
| CVE-2018-5337 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | |||||
| CVE-2015-2560 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | |||||
| CVE-2017-11346 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. | |||||
| CVE-2017-7213 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
| Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. | |||||
| CVE-2014-9331 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do. | |||||
| CVE-2014-5005 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate. | |||||
| CVE-2014-9371 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 10.0 HIGH | N/A |
| The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | |||||
| CVE-2014-5006 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-12-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader. | |||||