Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine desktop central vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-13411
An issue exists in Zoho ManageEngine Desktop Central prior to 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
Zohocorp Manageengine Desktop Central
1 Github repository
7.8
CVSSv3
CVE-2018-13412
An issue exists in the Self Service Portal in Zoho ManageEngine Desktop Central prior to 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
Zohocorp Manageengine Desktop Central
1 Github repository
9.8
CVSSv3
CVE-2018-11716
An issue exists in Zoho ManageEngine Desktop Central prior to 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching lev...
Zohocorp Manageengine Desktop Central
9.8
CVSSv3
CVE-2018-11717
An issue exists in Zoho ManageEngine Desktop Central prior to 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail se...
Zohocorp Manageengine Desktop Central
7.5
CVSSv3
CVE-2018-12999
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows malicious users to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayic...
Zohocorp Manageengine Desktop Central 10.0.255
7.2
CVSSv3
CVE-2018-5342
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account.
Zohocorp Manageengine Desktop Central 10.0.184
Zohocorp Manageengine Desktop Central 10.0.124
9.8
CVSSv3
CVE-2018-5337
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
9.8
CVSSv3
CVE-2018-5338
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.
Zohocorp Manageengine Desktop Central 10.0.184
Zohocorp Manageengine Desktop Central 10.0.124
9.8
CVSSv3
CVE-2018-5339
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
7.2
CVSSv3
CVE-2018-5340
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries).
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »