Zohocorp

Manageengine Desktop Central

48 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2019-15510

Exploit
  • EPSS 3.82%
  • Published 23.03.2020 14:15:12
  • Last modified 21.11.2024 04:28:53

ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role.

9.8

CVE-2020-8540

  • EPSS 22.47%
  • Published 11.03.2020 17:15:16
  • Last modified 21.11.2024 05:38:59

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XM...

10

CVE-2020-10189

Warning Exploit
  • EPSS 94.25%
  • Published 06.03.2020 17:15:12
  • Last modified 14.03.2025 17:41:12

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.

9.8

CVE-2013-7390

Exploit
  • EPSS 66.78%
  • Published 27.01.2020 18:15:10
  • Last modified 21.11.2024 02:00:54

Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct...

10

CVE-2014-5007

Exploit
  • EPSS 51.61%
  • Published 17.01.2020 22:15:12
  • Last modified 21.11.2024 02:11:16

Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary fil...

8.5

CVE-2019-12876

Exploit
  • EPSS 0.11%
  • Published 17.07.2019 20:15:11
  • Last modified 21.11.2024 04:23:45

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.

7.8

CVE-2019-12133

  • EPSS 0.06%
  • Published 18.06.2019 22:15:12
  • Last modified 21.11.2024 04:22:17

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such...

6.1

CVE-2018-16833

  • EPSS 6.72%
  • Published 21.09.2018 17:29:06
  • Last modified 21.11.2024 03:53:24

Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.

7.8

CVE-2018-13412

  • EPSS 0.06%
  • Published 12.09.2018 16:29:01
  • Last modified 21.11.2024 03:47:03

An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent versi...

9

CVE-2018-13411

Exploit
  • EPSS 3.32%
  • Published 12.09.2018 16:29:01
  • Last modified 21.11.2024 03:47:03

An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.