Vulnerabilities > Zohocorp > Manageengine Desktop Central
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-16 | CVE-2018-11717 | Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 100251. | 9.8 |
| 2018-07-16 | CVE-2018-11716 | Information Exposure Through Log Files vulnerability in Zohocorp Manageengine Desktop Central An issue was discovered in Zoho ManageEngine Desktop Central before 100230. | 9.8 |
| 2018-06-29 | CVE-2018-12999 | Improper Input Validation vulnerability in Zohocorp Manageengine Desktop Central 10.0.255 Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | 7.5 |
| 2018-04-18 | CVE-2018-5342 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. | 7.2 |
| 2018-04-18 | CVE-2018-5341 | Improper Input Validation vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. | 9.8 |
| 2018-04-18 | CVE-2018-5340 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries). | 7.2 |
| 2018-04-18 | CVE-2018-5339 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. | 9.8 |
| 2018-04-18 | CVE-2018-5338 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. | 9.8 |
| 2018-04-18 | CVE-2018-5337 | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | 9.8 |
| 2018-03-15 | CVE-2018-8722 | Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 9.1.0 Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. | 6.1 |