Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_desktop_central
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 48 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-29 | CVE-2018-12999 | Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | Manageengine_desktop_central | 7.5 | ||
| 2018-07-16 | CVE-2018-11717 | An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the... | Manageengine_desktop_central | 9.8 | ||
| 2018-07-16 | CVE-2018-11716 | An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444. | Manageengine_desktop_central | 9.8 | ||
| 2017-05-15 | CVE-2017-7213 | Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. | Manageengine_desktop_central | 10.0 | ||
| 2017-07-17 | CVE-2017-11346 | Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. | Manageengine_desktop_central | 9.8 | ||
| 2017-08-02 | CVE-2015-2560 | Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | Manageengine_desktop_central | 9.8 | ||
| 2014-12-16 | CVE-2014-9371 | The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | Manageengine_desktop_central | N/A | ||
| 2015-02-04 | CVE-2014-9331 | Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do. | Manageengine_desktop_central | N/A |