2 matches found
Zoho ManageEngine Desktop Central Arbitrary File Deletion (CVE-2018-12999)
An arbitrary file deletion vulnerability exists in Zoho ManageEngine Desktop Central. The vulnerability is due to insufficient input validation in requests handled by AgentTrayIconServlet...
CVE-2018-12999
CVE-2018-12999 affects Zoho ManageEngine Desktop Central 10.0.255. The issue is an incorrect access control in AgentTrayIconServlet that lets an attacker delete files on the web server without authentication by sending a crafted request containing computerName=../ to the /agenttrayicon URI. This ...