Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine desktop central vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-10859
Zoho ManageEngine Desktop Central prior to 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request.
Zohocorp Manageengine Desktop Central
6.1
CVSSv3
CVE-2023-4767
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote malicious user to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/16131...
Zohocorp Manageengine Desktop Central 9.1.0
6.1
CVSSv3
CVE-2023-4768
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote malicious user to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/16131...
Zohocorp Manageengine Desktop Central 9.1.0
6.1
CVSSv3
CVE-2019-15510
ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role.
Zohocorp Manageengine Desktop Central 10.0
6.1
CVSSv3
CVE-2018-16833
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
Zohocorp Manageengine Desktop Central 10.0.271
6.1
CVSSv3
CVE-2018-8722
Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.
Zohocorp Manageengine Desktop Central 9.1.0
5.4
CVSSv3
CVE-2019-16962
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.
Zohocorp Manageengine Desktop Central 10.0.430
5.3
CVSSv3
CVE-2022-23779
Zoho ManageEngine Desktop Central prior to 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
Zohocorp Manageengine Desktop Central
2 Github repositories
NA
CVE-2014-9331
Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central prior to 9 build 90130 allows remote malicious users to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/...
Zohocorp Manageengine Desktop Central
1 EDB exploit
NA
CVE-2014-9371
The NativeAppServlet in ManageEngine Desktop Central MSP prior to 90075 allows remote malicious users to execute arbitrary code via a crafted JSON object.
Zohocorp Manageengine Desktop Central
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »