Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine desktop central vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-37414
Zoho ManageEngine DesktopCentral prior to 10.0.709 allows anyone to get a valid user's APIKEY without authentication.
Zohocorp Manageengine Desktop Central
8.8
CVSSv3
CVE-2021-46164
Zoho ManageEngine Desktop Central prior to 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.
Zohocorp Manageengine Desktop Central
6.5
CVSSv3
CVE-2021-46166
Zoho ManageEngine Desktop Central prior to 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page.
Zohocorp Manageengine Desktop Central
9.8
CVSSv3
CVE-2020-10189
Zoho ManageEngine Desktop Central prior to 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
Zohocorp Manageengine Desktop Central
1 EDB exploit
1 Article
8.8
CVSSv3
CVE-2022-48362
Zoho ManageEngine Desktop Central and Desktop Central MSP prior to 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker...
Zohocorp Manageengine Desktop Central
NA
CVE-2014-9331
Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central prior to 9 build 90130 allows remote malicious users to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/...
Zohocorp Manageengine Desktop Central
1 EDB exploit
NA
CVE-2014-9371
The NativeAppServlet in ManageEngine Desktop Central MSP prior to 90075 allows remote malicious users to execute arbitrary code via a crafted JSON object.
Zohocorp Manageengine Desktop Central
9.8
CVSSv3
CVE-2015-8249
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote malicious users to upload and execute arbitrary files via the ConnectionId parameter.
Manageengine Desktop Central 9.0
1 EDB exploit
3 Github repositories
NA
CVE-2014-5006
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) prior to 9 build 90055 allows remote malicious users to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
Zohocorp Manageengine Desktop Central
2 EDB exploits
5.3
CVSSv3
CVE-2022-23779
Zoho ManageEngine Desktop Central prior to 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
Zohocorp Manageengine Desktop Central
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »