Lucene search
K

35 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.9 views

CVE-2022-23863

Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password...

6.5CVSS6.7AI score0.0192EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-32865

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.00469EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-32864

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.07136EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/03/02 12:0 a.m.6 views

PT-2022-16262 · Zoho · Zoho Manageengine Desktop Central

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Desktop Central versions prior to 10.1.2137.8 Description: The issue allows the exposure of the installed server name to anyone, enabling the discovery of the internal hostname by reading HTTP redirect responses. This can be...

5.3CVSS5.1AI score0.1514EPSS
Exploits2References7
NVD
NVD
added 2022/01/18 10:15 a.m.31 views

CVE-2021-44757

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server...

9.1CVSS0.24195EPSS
Exploits0References1
NVD
NVD
added 2021/12/12 5:15 a.m.18 views

CVE-2021-44515

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2,...

10CVSS0.99867EPSS
Exploits2References4
Cvelist
Cvelist
added 2021/12/12 4:4 a.m.36 views

CVE-2021-44515

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2,...

9.9AI score0.99867EPSS
Exploits2References3
CVE
CVE
added 2021/09/21 12:46 p.m.765 views

CVE-2021-28960

CVE-2021-28960 affects Zoho ManageEngine Desktop Central prior to build 10.0.683. The vulnerability arises from improper handling of an input command in on-demand operations, enabling unauthenticated command injection. This could allow an attacker to execute arbitrary commands on the affected sys...

9.8CVSS9.7AI score0.01971EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/09/21 12:46 p.m.23 views

CVE-2021-28960

Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations...

10AI score0.01971EPSS
Exploits0References2
CVE
CVE
added 2021/03/18 7:35 p.m.53 views

CVE-2020-9367

Zoho ManageEngine Desktop Central MSP (build 10.0.486) MPS Agent components dcinventory.exe and dcconfig.exe load CSUNSAPI.dll without full path; CSUNSAPI.dll is missing from the installation, enabling DLL hijacking and potential code injection with privilege escalation to NT AUTHORITY\SYSTEM. Co...

7.8CVSS7.7AI score0.01053EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/18 7:35 p.m.22 views

CVE-2020-9367

The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it...

7.8AI score0.01053EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/11 12:0 a.m.21 views

Zoho ManageEngine Desktop Central has an unspecified vulnerability

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO, Inc. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management.A security...

9.1CVSS1.9AI score0.04951EPSS
Exploits0References1
NVD
NVD
added 2020/10/02 8:15 p.m.25 views

CVE-2020-24397

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

9CVSS0.278EPSS
Exploits0References2
NVD
NVD
added 2020/10/02 8:15 p.m.26 views

CVE-2020-15589

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. By exploiting this issue, an attacker-controlled server can force the...

8.1CVSS0.08287EPSS
Exploits0References2
Prion
Prion
added 2020/10/02 8:15 p.m.14 views

Integer overflow

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

9CVSS7.4AI score0.278EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/02 7:13 p.m.28 views

CVE-2020-15589

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. By exploiting this issue, an attacker-controlled server can force the...

8.4AI score0.08287EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/10/02 7:6 p.m.21 views

CVE-2020-24397

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

7.5AI score0.278EPSS
Exploits0References2
NVD
NVD
added 2020/07/29 6:15 p.m.27 views

CVE-2020-15588

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

9.8CVSS10AI score0.12666EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/29 5:35 p.m.23 views

CVE-2020-15588

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

10AI score0.12666EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/07/29 12:0 a.m.36 views

CVE-2020-15588

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

9.8CVSS3.2AI score0.278EPSS
Exploits0References2
Rows per page
Query Builder