3 matches found
CVE-2021-28960
CVE-2021-28960 affects Zoho ManageEngine Desktop Central prior to build 10.0.683. The vulnerability arises from improper handling of an input command in on-demand operations, enabling unauthenticated command injection. This could allow an attacker to execute arbitrary commands on the affected sys...
CVE-2015-8249
CVE-2015-8249 is a vulnerability in ManageEngine Desktop Central 9 where the FileUploadServlet accepts user-controlled ConnectionId and allows uploading and executing arbitrary files. The issue occurs in builds prior to 91093 and can lead to remote code execution (context: SYSTEM) via crafted upl...
CVE-2014-3996
CVE-2014-3996 is a SQL injection in the LinkViewFetchServlet.dat endpoint of multiple ManageEngine products, exploitable via the sv parameter. Affected are Desktop Central (DC) and DC MSP editions before 9 build 90043, Password Manager Pro (PMP) and PMP MSP before 7 build 7003, and IT360/IT360 MS...