26 matches found
ZOHO ManageEngine Desktop Central 路径遍历漏洞
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A security...
Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
Zoho has released a security advisory to address an authentication bypass vulnerability CVE-2021-44757 in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review th...
ZOHO ManageEngine Desktop Central MSP 信息泄露漏洞
ZOHO ManageEngine Desktop Central MSP is a suite of desktop and mobile device management software for MSPs Managed Service Providers from ZOHO USA. The software enables MSPs to remotely manage desktops, servers, and mobile devices in their customer networks, and provides differentiated management...
ZOHO ManageEngine Desktop Central MSP 安全漏洞
ZOHO ManageEngine Desktop Central MSP is a suite of desktop and mobile device management software for MSPs Managed Service Providers from ZOHO. A security vulnerability exists in versions prior to Zoho ManageEngine Desktop Central 10.0.662, which is caused by a program that launches an executable...
ZOHO ManageEngine Desktop Central MSP 授权问题漏洞
ZOHO ManageEngine Desktop Central MSP is a suite of desktop and mobile device management software for MSPs managed service providers from ZOHO. The software enables MSPs to remotely manage desktops, servers, and mobile devices in their customer networks and provides differentiated management...
Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
Zoho has released a security advisory to address an authentication bypass vulnerability in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. According to Zoho, this vulnerability is being actively exploited in...
CVE-2020-9367
The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it...
CVE-2017-16924
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data//collections//usermgmt.xml URL, as demonstrated by passwords and...
CVE-2017-16924
Affected product: ManageEngine Desktop Central MSP 10.0.137. The issue is an information disclosure vulnerability enabling access to unencrypted XML files containing configuration-policy data via a predictable URL pattern /client-data//collections/##/usermgmt.xml, potentially exposing passwords a...
CVE-2017-16924
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data//collections//usermgmt.xml URL, as demonstrated by passwords and...
Deserialization of untrusted data
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action...
ManageEngine Desktop Central MSP < 9.0.075 Arbitrary Code Execution Vulnerability
ManageEngine Desktop Central MSP is prone to an arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
ManageEngine Desktop Central MSP PatchScanServlet domainName File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PatchScanServlet servlet. The issue lies in the failure to saniti...
ManageEngine Desktop Central MSP DSStatusUpdateServlet DomainName File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DSStatusUpdateServlet servlet. The issue lies in the failure to...
ManageEngine Desktop Central MSP InventoryServlet computer File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InventoryServlet servlet. The issue lies in the failure to saniti...
ManageEngine Desktop Central MSP IOSCheckInServlet UDID Remote Code Execution Vulnerability
Manageengine desktop central is a complete windows client management software that enables remote management of desktop and mobile computers with its remote software installation and configuration options. A remote code execution vulnerability exists in the ManageEngine Desktop Central MSP...
ManageEngine Desktop Central MSP FileUploadServlet computerName File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet servlet. The issue lies in the failure to...
ManageEngine Desktop Central MSP IOSCheckInServlet UDID Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IOSCheckInServlet servlet. The issue lies in the failure to...
ManageEngine Desktop Central MSP MDMLogUploaderServlet filename File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MDMLogUploaderServlet servlet. The issue lies in the failure to...
ManageEngine Desktop Central MSP InventorySWMeteringServlet domain File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InventorySWMeteringServlet servlet. The issue lies in the failure...