430 matches found
CVE-2023-4767
CVE-2023-4767 describes a CRLF injection in ManageEngine Desktop Central v9.1.0. The vulnerability affects the fileName parameter in the endpoint "/STATE_ID/1613157927228/InvSWMetering.csv", enabling an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. Exploitation st...
CVE-2023-4767 Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...
PT-2023-30569 · Zoho · Manageengine Desktop Central
Name of the Vulnerable Software and Affected Versions: ManageEngine Desktop Central version 9.1.0 Description: A Server-Side Request Forgery SSRF vulnerability has been found, specifically affecting the /smtpConfig.do component. This issue could allow an authenticated attacker to launch targeted...
ZOHO ManageEngine Desktop Central Code Issue Vulnerability
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A code issue...
ZOHO ManageEngine Desktop Central Injection Vulnerability
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. An injection...
ZOHO ManageEngine Desktop Central Injection Vulnerability
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. An injection...
PT-2023-30555 · Zoho · Manageengine Desktop Central
Name of the Vulnerable Software and Affected Versions: ManageEngine Desktop Central version 9.1.0 Description: A CRLF injection vulnerability has been found in ManageEngine Desktop Central. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response...
Desktop Central 9.1.0 - Multiple Vulnerabilities
Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Software Link : http://www.desktopcentral.com Tested Version: 9.1.0 Build No: 91084 Tested on: Windows 10 Vulnerability Type: CRLF injection CRLF - 1 CVSS v3: 6.1 CVSS vector:...
Desktop Central 9.1.0 CRLF Injection / Server-Side Request Forgery
Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2021-02-14 Software Link : http://www.desktopcentral.com Tested Version: 9.1.0 Build No: 91084 Tested on: Windows 10 Vulnerability Type: CRLF injection CRLF - 1 CVSS v3: 6.1 CVSS vector:...
Desktop Central 9.1.0 - Multiple Vulnerabilities
Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2021-02-14 Software Link : http://www.desktopcentral.com Tested Version: 9.1.0 Build No: 91084 Tested on: Windows 10 Vulnerability Type: CRLF injection CRLF - 1 CVSS v3: 6.1 CVSS vector:...
The vulnerability of the AgentLogUploadServlet component of the software for managing workstations via the web interface ManageEngine Desktop Central, as well as the remote monitoring and management tools for desktop PCs, servers, laptops, and mobile devices provided by ManageEngine Endpoint Central MSP (previously ManageEngine Desktop Central MSP), allows a malicious individual to circumvent security restrictions and execute arbitrary code.
The vulnerability of the AgentLogUploadServlet component of the software for managing workstations through the web interface of ManageEngine Desktop Central, as well as for remote monitoring and management of desktop PCs, servers, laptops, and mobile devices via ManageEngine Endpoint Central MSP...
CVE-2022-48362
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...
CVE-2022-48362
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...
Directory traversal
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...
ZOHO ManageEngine Desktop Central 路径遍历漏洞
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A security...
CVE-2022-48362
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...
CVE-2022-48362
CVE-2022-48362 affects Zoho ManageEngine Desktop Central and Desktop Central MSP versions before 10.1.2137.2. It enables directory traversal via computerName to AgentLogUploadServlet, allowing a remote, authenticated attacker to upload arbitrary code that would execute when Desktop Central restar...
CVE-2022-48362
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...
ManageEngine Desktop Central < 10.1.2137.9 Authentication Bypass (uncredentialed check)
Binary data manageenginedesktopcentralcve-2021-44757.nbin...
Zoho ManageEngine Desktop Central Authentication Bypass (CVE-2021-44515)
An authentication bypass vulnerability exists in Zoho ManageEngine Desktop Central. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...