Latest zohocorp manageengine desktop central Vulnerabilities

CVE-2023-4769
Server-Side Request Forgery in ManageEngine Desktop Central
Zohocorp Manageengine Desktop Central=9.1.0
CVE-2023-4768
Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central
Zohocorp Manageengine Desktop Central=9.1.0
CVE-2023-4767
Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central
Zohocorp Manageengine Desktop Central=9.1.0
CVE-2022-48362
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrar...
Zohocorp Manageengine Desktop Central<10.1.2137.2
Zohocorp Manageengine Desktop Central<10.1.2137.2
CVE-2022-47966
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
Zohocorp Manageengine Access Manager Plus=4.3-build4301
Zohocorp Manageengine Access Manager Plus=4.3-build4302
Zohocorp Manageengine Access Manager Plus=4.3-build4303
Zohocorp Manageengine Access Manager Plus=4.3-build4304
and 153 more
CVE-2022-23779
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
Zohocorp Manageengine Desktop Central<10.1.2137.8
CVE-2022-23863
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.
Zohocorp Manageengine Desktop Central<10.1.2137.10
CVE-2021-46166
Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page.
Zohocorp Manageengine Desktop Central<10.0.662
CVE-2021-46165
Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined.
Zohocorp Manageengine Desktop Central<10.0.662
CVE-2021-46164
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.
Zohocorp Manageengine Desktop Central<10.0.662
CVE-2021-44515
Zoho Desktop Central Authentication Bypass Vulnerability
Zoho Desktop Central
Zohocorp Manageengine Desktop Central<10.1.2127.18
Zohocorp Manageengine Desktop Central<10.1.2127.18
Zohocorp Manageengine Desktop Central>=10.1.2128.0<=10.1.2137.3
Zohocorp Manageengine Desktop Central>=10.1.2128.0<10.1.2137.3
CVE-2021-37414
Zohocorp Manageengine Desktop Central<10.0.709
CVE-2020-9367
The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete...
Zohocorp Manageengine Desktop Central=10.0.486
CVE-2020-28050
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server.
Zohocorp Manageengine Desktop Central<10.0.647
CVE-2019-16962
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report.
Zohocorp Manageengine Desktop Central=10.0.430
CVE-2020-15589
A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access P...
Zohocorp Manageengine Desktop Central=10.0.552.w
Zohocorp Manageengine Remote Access Plus<10.1.2119.1
CVE-2020-24397
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRe...
Zohocorp Manageengine Desktop Central=10.0.0-sp-534
CVE-2020-15588
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendReque...
Zohocorp Manageengine Desktop Central<10.0.561
CVE-2020-10859
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request.
Zohocorp Manageengine Desktop Central<10.0.484
CVE-2020-8509
Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure.
Zohocorp Manageengine Desktop Central<10.0.483
CVE-2019-15510
ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role.
Zohocorp Manageengine Desktop Central=10.0
CVE-2020-8540
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request...
Zohocorp Manageengine Desktop Central<2020-03-07
CVE-2020-10189
Zoho ManageEngine Desktop Central File Upload Vulnerability
Zohocorp Manageengine Desktop Central<10.0.479
CVE-2013-7390
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file wi...
Zohocorp Manageengine Desktop Central>=7.0.0<=8.0.0
CVE-2014-5007
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remo...
Zohocorp Manageengine Desktop Central>=7.0<=9.0
Zohocorp Manageengine Desktop Central Managed Service Providers>=7.0<=9.0
CVE-2019-12876
Zohocorp Manageengine Admanager Plus=6.6.5
Zohocorp Manageengine Adselfservice Plus=5.7
Zohocorp Manageengine Desktop Central=10.0.380
CVE-2019-12133
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associat...
Zoho ManageEngine=1.0
Zohocorp Manageengine Browser Security Plus
Zohocorp Manageengine Desktop Central=10.0.380
Zohocorp Manageengine Eventlog Analyzer=12.0.2
Zohocorp Manageengine Firewall=12.0
Zohocorp Manageengine Key Manager Plus=5.6
and 12 more
CVE-2018-16833
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
Zohocorp Manageengine Desktop Central=10.0.271
CVE-2018-13411
An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed ...
Zohocorp Manageengine Desktop Central<10.0.282
CVE-2018-13412
An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In...
Zohocorp Manageengine Desktop Central<10.0.282
CVE-2018-11717
An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64...
Zohocorp Manageengine Desktop Central<100251
CVE-2018-11716
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (priva...
Zohocorp Manageengine Desktop Central<100230
CVE-2018-12999
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted r...
Zohocorp Manageengine Desktop Central=10.0.255

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203