Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_desktop_central
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 48 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-02-19 | CVE-2017-16924 | Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157. | Manageengine_desktop_central | 9.8 | ||
| 2019-07-17 | CVE-2019-12876 | Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System. | Manageengine_admanager_plus, Manageengine_adselfservice_plus, Manageengine_desktop_central | 7.3 | ||
| 2018-03-15 | CVE-2018-8722 | Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. | Manageengine_desktop_central | 6.1 | ||
| 2018-04-18 | CVE-2018-5342 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. | Manageengine_desktop_central | 7.2 | ||
| 2018-04-18 | CVE-2018-5341 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. | Manageengine_desktop_central | 9.8 | ||
| 2018-04-18 | CVE-2018-5340 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries). | Manageengine_desktop_central | 7.2 | ||
| 2018-04-18 | CVE-2018-5339 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. | Manageengine_desktop_central | 9.8 | ||
| 2018-04-18 | CVE-2018-5338 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. | Manageengine_desktop_central | 9.8 | ||
| 2018-04-18 | CVE-2018-5337 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | Manageengine_desktop_central | 9.8 | ||
| 2018-09-21 | CVE-2018-16833 | Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | Manageengine_desktop_central | 6.1 |