15 matches found
EUVD-2022-51061
Malicious code in bioql PyPI...
CVE-2021-44515
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2,...
CVE-2022-48362
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...
Directory traversal
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...
CVE-2022-48362
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. The attacker could authenticate ...
Zoho ManageEngine Desktop Central Authentication Bypass (CVE-2021-44515)
An authentication bypass vulnerability exists in Zoho ManageEngine Desktop Central. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central
Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of...
FBI: Another Zoho ManageEngine Zero-Day Under Active Attack
Another Zoho ManageEngine zero-day vulnerability is under active attack from an APT group, this time looking to override legitimate functions of servers running ManageEngine Desktop Central and elevate privileges — with an ultimate goal of dropping malware onto organizations’ networks, the FBI ha...
CVE-2021-44515
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2,...
CVE-2021-44515
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2,...
CVE-2021-44515
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2,...
CVE-2021-44515
Zoho ManageEngine Desktop Central (and Desktop Central MSP) is affected by CVE-2021-44515, a authentication bypass that enables remote code execution on the server. Affected builds: Enterprise 10.1.2127.17 and earlier require upgrading to 10.1.2127.18; Enterprise 10.1.2128.0–10.1.2137.2 require 1...
ManageEngine Desktop Central < 10.1.2127.18 / 10.1.2128.0 < 10.1.2137.3 Authentication Bypass (CVE-2021-44515)
The ManageEngine Desktop Central application running on the remote host is prior to 10.1.2127.18, or 10.1.2128.0 prior to 10.1.2137.3. It is, therefore, affected by an authentication bypass vulnerability which can allow an adversary to bypass authentication and execute arbitrary code in the Deskt...
CVE-2021-44515
creationtimestamp| type| source ---|---|--- 2021-12-04 06:14:16+00:00| exploited| https://t.me/thehackernews/1705 2021-12-04 15:55:58+00:00| exploited| https://t.me/cKure/8329 2021-12-07 15:59:29+00:00| exploited| https://t.me/truesecator/2416 2021-12-08 20:34:22+00:00| exploited|...
Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks
Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The...