Total
48 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5342 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. | |||||
CVE-2015-2560 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | |||||
CVE-2017-11346 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. | |||||
CVE-2017-7213 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 10.0 HIGH | 10.0 CRITICAL |
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. | |||||
CVE-2014-9371 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 10.0 HIGH | N/A |
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | |||||
CVE-2014-9331 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do. | |||||
CVE-2014-5006 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader. | |||||
CVE-2014-5005 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate. |