Manageengine Desktop Central
Sign in to watchby Zohocorp
CVEs (7)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-11346 | Cri | 0.69 | 9.8 | 0.25 | Jul 17, 2017 | Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. | |
| CVE-2017-7213 | Cri | 0.66 | 10.0 | 0.10 | May 15, 2017 | Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. | |
| CVE-2015-2560 | Cri | 0.65 | 9.8 | 0.20 | Aug 2, 2017 | Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | |
| CVE-2014-5005 | 0.10 | — | 0.86 | Oct 21, 2014 | Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate. | ||
| CVE-2014-5006 | 0.07 | — | 0.56 | Oct 21, 2014 | Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader. | ||
| CVE-2014-9331 | 0.03 | — | 0.02 | Feb 4, 2015 | Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do. | ||
| CVE-2014-9371 | 0.01 | — | 0.10 | Dec 16, 2014 | The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. |