Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
manageengine desktop central vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-15588
An issue exists in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SY...
Zohocorp Manageengine Desktop Central
1 Github repository
NA
CVE-2022-48362
Zoho ManageEngine Desktop Central and Desktop Central MSP prior to 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker...
Zohocorp Manageengine Desktop Central
765
VMScore
CVE-2013-7390
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote malicious users to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in ...
Zohocorp Manageengine Desktop Central
3 EDB exploits
890
VMScore
CVE-2017-7213
Zoho ManageEngine Desktop Central before build 100082 allows remote malicious users to obtain control over all connected active desktops via unspecified vectors.
Zohocorp Manageengine Desktop Central -
891
VMScore
CVE-2021-44515
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and previous versions, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128....
Zohocorp Manageengine Desktop Central
445
VMScore
CVE-2018-11716
An issue exists in Zoho ManageEngine Desktop Central prior to 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching lev...
Zohocorp Manageengine Desktop Central
1000
VMScore
CVE-2015-8249
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote malicious users to upload and execute arbitrary files via the ConnectionId parameter.
Manageengine Desktop Central 9.0
1 EDB exploit
2 Github repositories
356
VMScore
CVE-2020-10859
Zoho ManageEngine Desktop Central prior to 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request.
Zohocorp Manageengine Desktop Central
445
VMScore
CVE-2020-8509
Zoho ManageEngine Desktop Central prior to 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure.
Zohocorp Manageengine Desktop Central
668
VMScore
CVE-2020-8540
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Zohocorp Manageengine Desktop Central
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »