Lucene search
K

430 matches found

CVE
CVE
added 2023/11/03 10:41 a.m.60 views

CVE-2023-4767

CVE-2023-4767 describes a CRLF injection in ManageEngine Desktop Central v9.1.0. The vulnerability affects the fileName parameter in the endpoint "/STATE_ID/1613157927228/InvSWMetering.csv", enabling an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. Exploitation st...

6.1CVSS6.3AI score0.0287EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/03 10:41 a.m.21 views

CVE-2023-4767 Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...

6.1CVSS7.2AI score0.0287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/03 12:0 a.m.5 views

PT-2023-30569 · Zoho · Manageengine Desktop Central

Name of the Vulnerable Software and Affected Versions: ManageEngine Desktop Central version 9.1.0 Description: A Server-Side Request Forgery SSRF vulnerability has been found, specifically affecting the /smtpConfig.do component. This issue could allow an authenticated attacker to launch targeted...

8.8CVSS8.6AI score0.03251EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/11/03 12:0 a.m.3 views

ZOHO ManageEngine Desktop Central Code Issue Vulnerability

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A code issue...

8.8CVSS7AI score0.03251EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/03 12:0 a.m.6 views

ZOHO ManageEngine Desktop Central Injection Vulnerability

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. An injection...

6.1CVSS7.3AI score0.0287EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/03 12:0 a.m.5 views

ZOHO ManageEngine Desktop Central Injection Vulnerability

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. An injection...

6.1CVSS7.3AI score0.0287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/03 12:0 a.m.6 views

PT-2023-30555 · Zoho · Manageengine Desktop Central

Name of the Vulnerable Software and Affected Versions: ManageEngine Desktop Central version 9.1.0 Description: A CRLF injection vulnerability has been found in ManageEngine Desktop Central. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response...

6.1CVSS6.4AI score0.0287EPSS
Exploits0References5
0day.today
0day.today
added 2023/03/27 12:0 a.m.216 views

Desktop Central 9.1.0 - Multiple Vulnerabilities

Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Software Link : http://www.desktopcentral.com Tested Version: 9.1.0 Build No: 91084 Tested on: Windows 10 Vulnerability Type: CRLF injection CRLF - 1 CVSS v3: 6.1 CVSS vector:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/27 12:0 a.m.231 views

Desktop Central 9.1.0 CRLF Injection / Server-Side Request Forgery

Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2021-02-14 Software Link : http://www.desktopcentral.com Tested Version: 9.1.0 Build No: 91084 Tested on: Windows 10 Vulnerability Type: CRLF injection CRLF - 1 CVSS v3: 6.1 CVSS vector:...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2023/03/27 12:0 a.m.217 views

Desktop Central 9.1.0 - Multiple Vulnerabilities

Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2021-02-14 Software Link : http://www.desktopcentral.com Tested Version: 9.1.0 Build No: 91084 Tested on: Windows 10 Vulnerability Type: CRLF injection CRLF - 1 CVSS v3: 6.1 CVSS vector:...

7.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/07 12:0 a.m.5 views

The vulnerability of the AgentLogUploadServlet component of the software for managing workstations via the web interface ManageEngine Desktop Central, as well as the remote monitoring and management tools for desktop PCs, servers, laptops, and mobile devices provided by ManageEngine Endpoint Central MSP (previously ManageEngine Desktop Central MSP), allows a malicious individual to circumvent security restrictions and execute arbitrary code.

The vulnerability of the AgentLogUploadServlet component of the software for managing workstations through the web interface of ManageEngine Desktop Central, as well as for remote monitoring and management of desktop PCs, servers, laptops, and mobile devices via ManageEngine Endpoint Central MSP...

9.6CVSS8.4AI score0.08667EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2023/02/25 9:15 p.m.3 views

CVE-2022-48362

Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...

8.8CVSS5.9AI score0.08667EPSS
Exploits1References2
NVD
NVD
added 2023/02/25 9:15 p.m.21 views

CVE-2022-48362

Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...

8.8CVSS9.4AI score0.08667EPSS
Exploits1References2
Prion
Prion
added 2023/02/25 9:15 p.m.35 views

Directory traversal

Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...

6.5CVSS9.3AI score0.99867EPSS
Exploits3References2Affected Software1
CNNVD
CNNVD
added 2023/02/25 12:0 a.m.4 views

ZOHO ManageEngine Desktop Central 路径遍历漏洞

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A security...

8.8CVSS8.1AI score0.08667EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/02/25 12:0 a.m.12 views

CVE-2022-48362

Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...

8.8AI score0.08667EPSS
Exploits1References2
CVE
CVE
added 2023/02/25 12:0 a.m.99 views

CVE-2022-48362

CVE-2022-48362 affects Zoho ManageEngine Desktop Central and Desktop Central MSP versions before 10.1.2137.2. It enables directory traversal via computerName to AgentLogUploadServlet, allowing a remote, authenticated attacker to upload arbitrary code that would execute when Desktop Central restar...

8.8CVSS9.2AI score0.08667EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/02/25 12:0 a.m.30 views

CVE-2022-48362

Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...

9.5AI score0.08667EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/03/24 12:0 a.m.147 views

ManageEngine Desktop Central < 10.1.2137.9 Authentication Bypass (uncredentialed check)

Binary data manageenginedesktopcentralcve-2021-44757.nbin...

9.1CVSS9.4AI score0.24195EPSS
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2022/03/16 12:0 a.m.10 views

Zoho ManageEngine Desktop Central Authentication Bypass (CVE-2021-44515)

An authentication bypass vulnerability exists in Zoho ManageEngine Desktop Central. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

10CVSS8.8AI score0.99867EPSS
Exploits2
Rows per page
Query Builder