Manageengine Desktop Central

manageengine_desktop_central

Vendor: Zohocorp • 48 CVEs

CVEs (48)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-16924 1Zohocorp 1Manageengine Desktop Central Nov 21, 2024 Feb 19, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable...Show more Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.Show less
CVE-2015-2560 1Zohocorp 1Manageengine Desktop Central May 13, 2026 Aug 2, 2017 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.
CVE-2017-11346 1Zohocorp 1Manageengine Desktop Central May 13, 2026 Jul 17, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
CVE-2017-7213 1Zohocorp 1Manageengine Desktop Central May 13, 2026 May 15, 2017 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
CVE-2014-9331 1Zohocorp 1Manageengine Desktop Central May 6, 2026 Feb 4, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator acco...Show more Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do.Show less
CVE-2014-9371 1Zohocorp 1Manageengine Desktop Central May 6, 2026 Dec 16, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.
CVE-2014-5006 1Zohocorp 1Manageengine Desktop Central May 6, 2026 Oct 21, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
CVE-2014-5005 1Zohocorp 1Manageengine Desktop Central May 6, 2026 Oct 21, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUp...Show more Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.Show less

Previous 1 23