Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zohocorp manageengine desktop central - vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2017-7213
Zoho ManageEngine Desktop Central before build 100082 allows remote malicious users to obtain control over all connected active desktops via unspecified vectors.
Zohocorp Manageengine Desktop Central -
9.8
CVSSv3
CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsib...
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.3
Zohocorp Manageengine Adaudit Plus 7.0
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Admanager Plus 7.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Adselfservice Plus 6.2
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Analytics Plus
Zohocorp Manageengine Analytics Plus 5.1
Zohocorp Manageengine Assetexplorer 6.9
Zohocorp Manageengine Assetexplorer
Zohocorp Manageengine Key Manager Plus
Zohocorp Manageengine Key Manager Plus 6.4
Zohocorp Manageengine Pam360 5.7
Zohocorp Manageengine Pam360
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Servicedesk Plus
Zohocorp Manageengine Servicedesk Plus 14.0
2 Metasploit modules
6 Github repositories
2 Articles
9.8
CVSSv3
CVE-2021-44515
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and previous versions, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128....
Zohocorp Manageengine Desktop Central
9.8
CVSSv3
CVE-2020-15588
An issue exists in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SY...
Zohocorp Manageengine Desktop Central
1 Github repository
9.8
CVSSv3
CVE-2020-8540
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Zohocorp Manageengine Desktop Central
9.8
CVSSv3
CVE-2020-10189
Zoho ManageEngine Desktop Central prior to 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
Zohocorp Manageengine Desktop Central
1 EDB exploit
1 Article
9.8
CVSSv3
CVE-2013-7390
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote malicious users to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in ...
Zohocorp Manageengine Desktop Central
3 EDB exploits
9.8
CVSSv3
CVE-2014-5007
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition prior to 9 build 90055 allows remote malicious users to write to and execute arbitrary files as SYSTEM via a .. ...
Zohocorp Manageengine Desktop Central
Zohocorp Manageengine Desktop Central Managed Service Providers
3 EDB exploits
9.8
CVSSv3
CVE-2018-11717
An issue exists in Zoho ManageEngine Desktop Central prior to 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail se...
Zohocorp Manageengine Desktop Central
9.8
CVSSv3
CVE-2018-11716
An issue exists in Zoho ManageEngine Desktop Central prior to 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching lev...
Zohocorp Manageengine Desktop Central
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »