Show filters
54 Total Results
Displaying 41-50 of 54
Sort by:
Attacker Value
Unknown

CVE-2018-8722

Disclosure Date: March 15, 2018 (last updated November 26, 2024)
Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.
0
0
Attacker Value
Unknown

CVE-2017-16924

Disclosure Date: February 19, 2018 (last updated November 26, 2024)
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.
0
0
Attacker Value
Unknown

CVE-2014-7862

Disclosure Date: January 04, 2018 (last updated November 26, 2024)
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
0
0
Attacker Value
Unknown

CVE-2015-8249

Disclosure Date: September 28, 2017 (last updated November 26, 2024)
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
0
0
Attacker Value
Unknown

CVE-2015-2560

Disclosure Date: August 02, 2017 (last updated November 26, 2024)
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.
0
0
Attacker Value
Unknown

CVE-2017-11346

Disclosure Date: July 17, 2017 (last updated November 26, 2024)
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
0
0
Attacker Value
Unknown

CVE-2017-7213

Disclosure Date: May 15, 2017 (last updated November 26, 2024)
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2014-9331

Disclosure Date: February 04, 2015 (last updated October 05, 2023)
Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do.
0
0
Attacker Value
Unknown

CVE-2014-9371

Disclosure Date: December 16, 2014 (last updated October 05, 2023)
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.
0
0
Attacker Value
Unknown

CVE-2014-3996

Disclosure Date: December 05, 2014 (last updated October 05, 2023)
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.
0
0
View More Topics  < Previous  Next >