Lucene search
K

430 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:31 a.m.8 views

CVE-2022-48362

Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...

10CVSS7.3AI score0.99867EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/05/22 6:56 p.m.5 views

CVE-2021-46166

Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page...

6.5CVSS6.2AI score0.02759EPSS
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.257 views

ManageEngine Desktop Central Administrator Account Creation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Desktop Central Administrator Account Creation', 'Description' = %q This module exploits an administrator account creation...

9.8CVSS7.4AI score0.81048EPSS
Exploits8
CVE
CVE
added 2024/03/11 12:55 p.m.110 views

CVE-2024-2370

CVE-2024-2370 is a duplicate of CVE-2018-5341 affecting Zoho ManageEngine Desktop Central. The connected records describe a missing server-side file type/extension check in Desktop Central 10.0.124/10.0.184, and note the 2018-5341 advisory as the authoritative entry. No explicit exploit details o...

9.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.6 views

PT-2024-20019 · Zoho · Manageengine Desktop Central

Name of the Vulnerable Software and Affected Versions: ManageEngine Desktop Central version 9, build 90055 Description: A critical flaw in ManageEngine Desktop Central poses a major security risk due to an unrestricted file upload vulnerability. This issue could allow a remote attacker to upload ...

7.2AI score
Exploits0References11
CNNVD
CNNVD
added 2024/03/11 12:0 a.m.5 views

Number withdrawn

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control, and other functional modules to support the entire lifecycle of desktop and server management. This CVE number has...

6.9AI score
Exploits0References2
NVD
NVD
added 2023/11/03 11:15 a.m.25 views

CVE-2023-4768

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.p...

6.1CVSS6.3AI score0.0287EPSS
Exploits0References1
OSV
OSV
added 2023/11/03 11:15 a.m.5 views

CVE-2023-4767

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...

6.1CVSS5.8AI score0.0287EPSS
Exploits0References1
OSV
OSV
added 2023/11/03 11:15 a.m.5 views

CVE-2023-4769

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...

8.8CVSS5.7AI score0.03251EPSS
Exploits0References1
NVD
NVD
added 2023/11/03 11:15 a.m.12 views

CVE-2023-4767

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...

6.1CVSS6.3AI score0.0287EPSS
Exploits0References1
NVD
NVD
added 2023/11/03 11:15 a.m.29 views

CVE-2023-4769

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...

8.8CVSS6.9AI score0.03251EPSS
Exploits0References1
Prion
Prion
added 2023/11/03 11:15 a.m.17 views

Crlf injection

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.p...

5.8CVSS6.3AI score0.0287EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/03 11:15 a.m.21 views

Crlf injection

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...

5.8CVSS6.3AI score0.0287EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/03 11:15 a.m.19 views

Server side request forgery (ssrf)

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...

6.5CVSS8.3AI score0.03251EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/03 10:55 a.m.59 views

CVE-2023-4769

CVE-2023-4769 describes a Server-Side Request Forgery (SSRF) vulnerability in ManageEngine Desktop Central v9.1.0, specifically the /smtpConfig.do component. The connected documents indicate an authenticated attacker could leverage this to perform targeted actions (e.g., cross-port access, servic...

8.8CVSS6.9AI score0.03251EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/03 10:55 a.m.12 views

CVE-2023-4769 Server-Side Request Forgery in ManageEngine Desktop Central

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...

6.6CVSS6.7AI score0.03251EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/03 10:55 a.m.33 views

CVE-2023-4769 Server-Side Request Forgery in ManageEngine Desktop Central

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...

6.6CVSS8.6AI score0.03251EPSS
Exploits0References1
CVE
CVE
added 2023/11/03 10:42 a.m.64 views

CVE-2023-4768

ManageEngine Desktop Central 9.1.0 is affected by a CRLF injection vulnerability that could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf. The vulnerability is confirmed across m...

6.1CVSS6.3AI score0.0287EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/03 10:42 a.m.25 views

CVE-2023-4768 Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.p...

6.1CVSS6.5AI score0.0287EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/03 10:41 a.m.17 views

CVE-2023-4767 Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...

6.1CVSS6.5AI score0.0287EPSS
Exploits0References1
Rows per page
Query Builder