184 matches found

GithubExploit
added 2026/01/10 4:14 a.m. · 170 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Zohocorp Manageengine_Desktop_Central

CVE-2022-23779 CVE-2022-23779 is a security vulnerability in Z...

5.3 CVSS · 6.8 AI score · 0.1514 EPSS
Exploits: 2

RedhatCVE
added 2026/01/09 11:25 a.m. · 4 views

CVE-2021-28960

Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations...

9.8 CVSS · 7.7 AI score · 0.01971 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/09 10:53 a.m. · 7 views

CVE-2022-23863

Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...

6.5 CVSS · 6.7 AI score · 0.0192 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/09 9:50 a.m. · 5 views

CVE-2020-24397

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

9 CVSS · 7.9 AI score · 0.26765 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2017-8094

Malware in sbrugna...

9.8 CVSS · 9.5 AI score · 0.08892 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-7440

Malware in sbrugna...

5.4 CVSS · 5.5 AI score · 0.02297 EPSS
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2021-32865

Malicious code in bioql PyPI...

7.8 CVSS · 7.7 AI score · 0.00469 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-54616

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.03251 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2021-32864

Malicious code in bioql PyPI...

8.8 CVSS · 8.8 AI score · 0.07136 EPSS
Exploits: 0 · References: 1

CVE
added 2024/03/11 12:55 p.m. · 108 views

CVE-2024-2370

CVE-2024-2370 is a duplicate of CVE-2018-5341 affecting Zoho ManageEngine Desktop Central. The connected records describe a missing server-side file type/extension check in Desktop Central 10.0.124/10.0.184, and note the 2018-5341 advisory as the authoritative entry. No explicit exploit details o...

9.4 AI score
Exploits: 0

Positive Technologies
added 2024/03/11 12:0 a.m. · 3 views

PT-2024-20019 · Zoho · Manageengine Desktop Central

Name of the Vulnerable Software and Affected Versions: ManageEngine Desktop Central version 9, build 90055 Description: A critical flaw in ManageEngine Desktop Central poses a major security risk due to an unrestricted file upload vulnerability. This issue could allow a remote attacker to upload ...

7.2 AI score
Exploits: 0 · References: 11

OSV
added 2023/11/03 11:15 a.m. · 4 views

CVE-2023-4769

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...

8.8 CVSS · 5.7 AI score · 0.03251 EPSS
Exploits: 0 · References: 1

NVD
added 2023/11/03 11:15 a.m. · 11 views

CVE-2023-4767

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...

6.1 CVSS · 6.3 AI score · 0.0287 EPSS
Exploits: 0 · References: 1

NVD
added 2023/11/03 11:15 a.m. · 21 views

CVE-2023-4768

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.p...

6.1 CVSS · 6.3 AI score · 0.0287 EPSS
Exploits: 0 · References: 1

Prion
added 2023/11/03 11:15 a.m. · 18 views

Server-side request forgery (SSRF)

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...

6.5 CVSS · 8.3 AI score · 0.03251 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2023/11/03 11:15 a.m. · 19 views

CRLF injection

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...

5.8 CVSS · 6.3 AI score · 0.0287 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2023/11/03 11:15 a.m. · 16 views

CRLF injection

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.p...

5.8 CVSS · 6.3 AI score · 0.0287 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/11/03 10:55 a.m. · 30 views

CVE-2023-4769 Server-Side Request Forgery in ManageEngine Desktop Central

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...

6.6 CVSS · 8.6 AI score · 0.03251 EPSS
Exploits: 0 · References: 1

CVE
added 2023/11/03 10:55 a.m. · 56 views

CVE-2023-4769

CVE-2023-4769 describes a Server-Side Request Forgery (SSRF) vulnerability in ManageEngine Desktop Central v9.1.0, specifically the /smtpConfig.do component. The connected documents indicate an authenticated attacker could leverage this to perform targeted actions (e.g., cross-port access, servic...

8.8 CVSS · 6.9 AI score · 0.03251 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/11/03 10:42 a.m. · 60 views

CVE-2023-4768

ManageEngine Desktop Central 9.1.0 is affected by a CRLF injection vulnerability that could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf. The vulnerability is confirmed across m...

6.1 CVSS · 6.3 AI score · 0.0287 EPSS
Exploits: 0 · References: 1 · Affected Software: 1