Vulnerabilities > Zohocorp > Manageengine Desktop Central > 7.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-30 | CVE-2020-8509 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. | 5.0 |
| 2020-03-11 | CVE-2020-8540 | XXE vulnerability in Zohocorp Manageengine Desktop Central An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 7.5 |
| 2020-03-06 | CVE-2020-10189 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. | 9.8 |
| 2020-01-27 | CVE-2013-7390 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Desktop Central 7.0.0/7.0.1/8.0.0 Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot. | 7.5 |
| 2020-01-17 | CVE-2014-5007 | Path Traversal vulnerability in Zohocorp products Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. | 10.0 |
| 2018-09-12 | CVE-2018-13412 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. | 7.2 |
| 2018-09-12 | CVE-2018-13411 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. | 9.0 |
| 2018-07-16 | CVE-2018-11717 | Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 100251. | 5.0 |
| 2018-07-16 | CVE-2018-11716 | Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 100230. | 5.0 |
| 2017-07-17 | CVE-2017-11346 | Improper Input Validation vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. | 7.5 |