Zohocorp

Manageengine Desktop Central

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2019-15510

Exploit
  • EPSS 3.82%
  • Veröffentlicht 23.03.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 04:28:53

ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role.

9.8

CVE-2020-8540

  • EPSS 24.12%
  • Veröffentlicht 11.03.2020 17:15:16
  • Zuletzt bearbeitet 21.11.2024 05:38:59

An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XM...

10

CVE-2020-10189

Warnung Exploit
  • EPSS 94.25%
  • Veröffentlicht 06.03.2020 17:15:12
  • Zuletzt bearbeitet 07.11.2025 19:33:43

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.

9.8

CVE-2013-7390

Exploit
  • EPSS 66.78%
  • Veröffentlicht 27.01.2020 18:15:10
  • Zuletzt bearbeitet 21.11.2024 02:00:54

Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct...

10

CVE-2014-5007

Exploit
  • EPSS 51.61%
  • Veröffentlicht 17.01.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 02:11:16

Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary fil...

8.5

CVE-2019-12876

Exploit
  • EPSS 0.14%
  • Veröffentlicht 17.07.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:23:45

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.

7.8

CVE-2019-12133

  • EPSS 0.06%
  • Veröffentlicht 18.06.2019 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:22:17

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such...

6.1

CVE-2018-16833

  • EPSS 2.67%
  • Veröffentlicht 21.09.2018 17:29:06
  • Zuletzt bearbeitet 21.11.2024 03:53:24

Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.

7.8

CVE-2018-13412

  • EPSS 0.06%
  • Veröffentlicht 12.09.2018 16:29:01
  • Zuletzt bearbeitet 21.11.2024 03:47:03

An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent versi...

9

CVE-2018-13411

Exploit
  • EPSS 3.32%
  • Veröffentlicht 12.09.2018 16:29:01
  • Zuletzt bearbeitet 21.11.2024 03:47:03

An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.