178 matches found
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Zohocorp Manageengine_Desktop_Central
CVE-2022-23779
CVE-2022-23779 is a security vulnerability in Z...
CVE-2021-28960
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations...
CVE-2022-23863
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...
CVE-2020-24397
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...
EUVD-2019-7440
Malware in sbrugna...
EUVD-2017-8094
Malware in sbrugna...
EUVD-2023-54616
Malicious code in bioql PyPI...
EUVD-2021-32864
Malicious code in bioql PyPI...
EUVD-2021-32865
Malicious code in bioql PyPI...
CVE-2024-2370
CVE-2024-2370 is a duplicate of CVE-2018-5341 affecting Zoho ManageEngine Desktop Central. The connected records describe a missing server-side file type/extension check in Desktop Central 10.0.124/10.0.184, and note the 2018-5341 advisory as the authoritative entry. No explicit exploit details o...
PT-2024-20019 · Zoho · Manageengine Desktop Central
Name of the Vulnerable Software and Affected Versions: ManageEngine Desktop Central version 9, build 90055
Description: A critical flaw in ManageEngine Desktop Central poses a major security risk due to an unrestricted file upload vulnerability. This issue could allow a remote attacker to upload ...
CVE-2023-4769
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...
CVE-2023-4768
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.p...
CVE-2023-4767
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...
CRLF injection
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...
CRLF injection
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.p...
Server-side request forgery (SSRF)
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...
CVE-2023-4769 Server-Side Request Forgery in ManageEngine Desktop Central
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP...
CVE-2023-4769
CVE-2023-4769 describes a Server-Side Request Forgery (SSRF) vulnerability in ManageEngine Desktop Central v9.1.0, specifically the /smtpConfig.do component. The connected documents indicate an authenticated attacker could leverage this to perform targeted actions (e.g., cross-port access, servic...
CVE-2023-4768 Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.p...