29 matches found
EUVD-2019-4455
Malware in sbrugna...
EUVD-2021-23979
Malware in sbrugna...
ZOHO ManageEngine DesktopCentral Licensing Issue Vulnerability
ZOHO ManageEngine DesktopCentral is used by ZOHO for cloud-scale monitoring to reduce complexity.ZOHO ManageEngine DesktopCentral suffers from an authorization issue vulnerability that could be exploited by attackers to obtain APIKEY of valid users without authentication...
CVE-2021-37414
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication...
CVE-2021-37414
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication...
Authentication flaw
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication...
CVE-2021-37414
CVE-2021-37414 affects Zoho ManageEngine DesktopCentral prior to 10.0.709. The issue is an authorization flaw that allows retrieving a valid user’s APIKEY without authentication, per NVD/Red Hat.cnvd entries and vendor pages. Impact is authenticated user credential exposure; no explicit exploitat...
Zoho ManageEngine DesktopCentral授权问题漏洞
ZOHO ManageEngine DesktopCentral is used by ZOHO for cloud-scale monitoring to reduce complexity.ZOHO ManageEngine DesktopCentral suffers from an authorization issue vulnerability that could be exploited by attackers to obtain APIKEY of valid users without authentication...
CVE-2013-7390
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot...
CVE-2013-7390
CVE-2013-7390 describes an unrestricted file upload in ManageEngine Desktop Central’s AgentLogUploadServlet. A remote attacker can upload a JSP file to the webroot and access it directly to execute arbitrary code, affecting Desktop Central 7.x and 8.0.0 prior to build 80293. Multiple sources corr...
Zoho ManageEngine ADManager Plus, ADSelfService Plus and DesktopCentral Permission License and Access Control Issues Vulnerabilities
ZOHO ManageEngine ADSelfService Plus and others are products of ZOHO Corporation.ZOHO ManageEngine ADSelfService Plus is a Web-based end-user password management software.ZOHO ManageEngine ADManager ZOHO ManageEngine ADManager Plus is a set of Microsoft Active Directory management software design...
CVE-2019-12876
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System...
Privilege escalation
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System...
CVE-2019-12876
CVE-2019-12876 affects Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380. The issue is described as insecure permissions that enable privilege escalation from low-level to System, across multiple ManageEngine products. Connected sources (Red Hat advisory ...
ManageEngine Desktop Central Cross-Site Request Forgery Vulnerability
Manageengine desktop central is a complete windows client management software that enables remote management of desktop and mobile computers with its remote software installation and configuration options. A cross-site request forgery vulnerability exists in Manageengine desktop central, which...
ManageEngine Desktop Central StatusUpdate - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine Desktop Central StatusUpdate Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file upload...
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine Desktop Central StatusUpdate Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file upload...
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload Exploit
This module exploits an arbitrary file upload vulnerability in ManageEngine DesktopCentral v7 to v9 build 90054 including the MSP versions. A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution as SYSTEM. Some early builds of version ...
ManageEngine DesktopCentral 8.0.0 build < 80293 - Arbitrary File Upload Vulnerability
No description provided by source...
DesktopCentral AgentLogUpload Arbitrary File Upload
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...