Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
desktop central vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2014-5007
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition prior to 9 build 90055 allows remote malicious users to write to and execute arbitrary files as SYSTEM via a .. ...
Zohocorp Manageengine Desktop Central
Zohocorp Manageengine Desktop Central Managed Service Providers
3 EDB exploits
9.8
CVSSv3
CVE-2019-8385
An issue exists in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote malicious user to list or enumerate sensitive co...
Thomsonreuters Concourse Matter Room
Thomsonreuters Firm Central Desktop
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2018-11716
An issue exists in Zoho ManageEngine Desktop Central prior to 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching lev...
Zohocorp Manageengine Desktop Central
9.8
CVSSv3
CVE-2018-11717
An issue exists in Zoho ManageEngine Desktop Central prior to 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail se...
Zohocorp Manageengine Desktop Central
9.8
CVSSv3
CVE-2018-5338
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.
Zohocorp Manageengine Desktop Central 10.0.184
Zohocorp Manageengine Desktop Central 10.0.124
9.8
CVSSv3
CVE-2018-5341
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
9.8
CVSSv3
CVE-2018-5337
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
9.8
CVSSv3
CVE-2018-5339
An issue exists in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
Zohocorp Manageengine Desktop Central 10.0.124
Zohocorp Manageengine Desktop Central 10.0.184
9.8
CVSSv3
CVE-2017-16924
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows malicious users to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt...
Zohocorp Manageengine Desktop Central 10.0.137
9.8
CVSSv3
CVE-2014-7862
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote malicious users to create administrator accounts via an addPlugInUser action.
Zohocorp Desktop Central
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »