Vulnerabilities > Zohocorp > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-04-18 | CVE-2018-5341 | Improper Input Validation vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. | network | low complexity | zohocorp | CWE-20 | 7.5 |
| 2018-04-18 | CVE-2018-5339 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. | network | low complexity | zohocorp | CWE-306 | 7.5 |
| 2018-04-18 | CVE-2018-5338 | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. | network | low complexity | zohocorp | CWE-306 | 7.5 |
| 2018-04-18 | CVE-2018-5337 | Path Traversal vulnerability in Zohocorp Manageengine Desktop Central 10.0.124/10.0.184 | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | network | low complexity | zohocorp | CWE-22 | 7.5 |
| 2018-01-04 | CVE-2014-7862 | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Desktop Central | The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action. | network | low complexity | zohocorp | CWE-264 | 7.5 |
| 2017-11-16 | CVE-2017-16851 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter. | network | low complexity | zohocorp | CWE-89 | 7.5 |
| 2017-11-16 | CVE-2017-16850 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. | network | low complexity | zohocorp | CWE-89 | 7.5 |
| 2017-11-16 | CVE-2017-16849 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. | network | low complexity | zohocorp | CWE-89 | 7.5 |
| 2017-11-16 | CVE-2017-16848 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 | Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. | network | low complexity | zohocorp | CWE-89 | 7.5 |
| 2017-11-16 | CVE-2017-16847 | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 | Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. | network | low complexity | zohocorp | CWE-89 | 7.5 |