Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp manageengine desktop central - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-5337
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
7.5
CVSSv2
CVE-2018-5339
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
7.5
CVSSv2
CVE-2018-5341
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
6.5
CVSSv2
CVE-2018-5342
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account.
Zohocorp Manageengine Desktop Central 10.0.184
Zohocorp Manageengine Desktop Central 10.0.124
7.5
CVSSv2
CVE-2018-5338
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.
Zohocorp Manageengine Desktop Central 10.0.184
Zohocorp Manageengine Desktop Central 10.0.124
6.5
CVSSv2
CVE-2018-5340
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries).
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
6.4
CVSSv2
CVE-2021-44757
Zoho ManageEngine Desktop Central prior to 10.1.2137.9 and Desktop Central MSP prior to 10.1.2137.9 allow malicious users to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.
Zohocorp Manageengine Desktop Central
Zohocorp Manageengine Desktop Central Managed Service Providers
10
CVSSv2
CVE-2014-5007
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition prior to 9 build 90055 allows remote malicious users to write to and execute arbitrary files as SYSTEM via a .. ...
Zohocorp Manageengine Desktop Central
Zohocorp Manageengine Desktop Central Managed Service Providers
3 EDB exploits
10
CVSSv2
CVE-2020-10189
Zoho ManageEngine Desktop Central prior to 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
Zohocorp Manageengine Desktop Central
1 EDB exploit
1 Article
10
CVSSv2
CVE-2014-9371
The NativeAppServlet in ManageEngine Desktop Central MSP prior to 90075 allows remote malicious users to execute arbitrary code via a crafted JSON object.
Zohocorp Manageengine Desktop Central
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »