Shodan
Vulnerabilities
Vulnerable Software
Zohocorp:  >> Manageengine Desktop Central  Security Vulnerabilities
CVE-2017-16924
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.
CVSS Score
9.8
EPSS Score
0.018
Published
2018-02-19
CVE-2015-2560
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.
CVSS Score
9.8
EPSS Score
0.204
Published
2017-08-02
CVE-2017-11346
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
CVSS Score
9.8
EPSS Score
0.25
Published
2017-07-17
CVE-2017-7213
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.104
Published
2017-05-15
CVE-2014-9331
Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do.
CVSS Score
6.8
EPSS Score
0.02
Published
2015-02-04
CVE-2014-9371
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.
CVSS Score
10.0
EPSS Score
0.102
Published
2014-12-16
CVE-2014-5005
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
CVSS Score
7.5
EPSS Score
0.858
Published
2014-10-21
CVE-2014-5006
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
CVSS Score
7.5
EPSS Score
0.559
Published
2014-10-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved