Search
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4767 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-11-13 | N/A | 6.1 MEDIUM |
| A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv. | |||||
| CVE-2023-4768 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-11-13 | N/A | 6.1 MEDIUM |
| A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf. | |||||
| CVE-2022-23863 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. | |||||
| CVE-2021-46166 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-01-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page. | |||||
| CVE-2019-16962 | 1 Zohocorp | 1 Manageengine Desktop Central | 2021-07-21 | 3.5 LOW | 5.4 MEDIUM |
| Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report. | |||||
| CVE-2019-15510 | 1 Zohocorp | 1 Manageengine Desktop Central | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. | |||||
| CVE-2020-10859 | 1 Zohocorp | 1 Manageengine Desktop Central | 2020-05-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. | |||||
| CVE-2018-16833 | 1 Zohocorp | 1 Manageengine Desktop Central | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | |||||
| CVE-2018-8722 | 1 Zohocorp | 1 Manageengine Desktop Central | 2018-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. | |||||