Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2020-10189
Zoho ManageEngine Desktop Central prior to 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
Zohocorp Manageengine Desktop Central
1 EDB exploit
1 Article
1000
VMScore
CVE-2014-5007
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition prior to 9 build 90055 allows remote malicious users to write to and execute arbitrary files as SYSTEM via a .. ...
Zohocorp Manageengine Desktop Central
Zohocorp Manageengine Desktop Central Managed Service Providers
3 EDB exploits
1000
VMScore
CVE-2018-7890
A remote code execution issue exists in Zoho ManageEngine Applications Manager prior to 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls severa...
Zohocorp Manageengine Applications Manager
1 EDB exploit
1000
VMScore
CVE-2015-8249
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote malicious users to upload and execute arbitrary files via the ConnectionId parameter.
Manageengine Desktop Central 9.0
1 EDB exploit
3 Github repositories
1000
VMScore
CVE-2007-2429
ManageEngine PasswordManager Pro (PMP) allows remote malicious users to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of t...
Manageengine Passwordmanager Pro
1 EDB exploit
906
VMScore
CVE-2014-5301
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
Manageengine Servicedesk Plus -
Manageengine Assetexplorer -
Manageengine Supportcenter -
Manageengine It360 -
1 EDB exploit
2 Github repositories
905
VMScore
CVE-2015-7766
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and previous versions allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
Zohocorp Manageengine Opmanager 11.6
Zohocorp Manageengine Opmanager
1 EDB exploit
905
VMScore
CVE-2015-7765
ZOHO ManageEngine OpManager 11.5 build 11600 and previous versions uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
Zohocorp Manageengine Opmanager 11.5
1 EDB exploit
1 Github repository
892
VMScore
CVE-2016-9498
ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating syste...
Zohocorp Manageengine Applications Manager 13.0
Zohocorp Manageengine Applications Manager 12.0
891
VMScore
CVE-2021-44515
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and previous versions, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128....
Zohocorp Manageengine Desktop Central
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »