Page 3 of 22 results (0.005 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. Zoho ManageEngine Desktop Central anteriores al build 10.0.647, permite a un único secreto de autenticación de múltiples agentes comunicarse con el servidor • https://www.manageengine.com/products/desktop-central/cve-2020-28050.html https://www.manageengine.com/products/desktop-central/fixing-multiple-vulnerabilities.html • CWE-287: Improper Authentication •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. Se detectó un problema en el lado del cliente de Zoho ManageEngine Desktop Central versión 10.0.0.SP-534. Un servidor controlado por un atacante puede desencadenar un desbordamiento de enteros en las funciones InternetSendRequestEx e InternetSendRequestByBitrate que desencadena un desbordamiento del búfer en la región heap de la memoria y una Ejecución de Código Remota con privilegios SYSTEM • https://www.manageengine.com/products/desktop-central https://www.manageengine.com/products/desktop-central/integer-overflow-vulnerability.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication. Se detectó un problema en el lado del cliente de Zoho ManageEngine Desktop Central versión 10.0.552.W. • https://www.manageengine.com/products/desktop-central/integer-overflow-vulnerability.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0

Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. Zoho ManageEngine Desktop Central versiones anteriores a 10.0.484, permite una escritura de archivos arbitrarios autenticados durante una extracción de archivos ZIP por medio de un Salto de Directorio en una petición de la API AppDependency diseñada. • https://www.manageengine.com/products/desktop-central/arbitrary-file-upload-vulnerability.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. Zoho ManageEngine Desktop Centralen versiones anteriores a la 10.0.483 permite a los usuarios no autentificados acceder a PDFGenerationServlet, conllevando a una divulgación de información confidencial. • https://www.manageengine.com/products/desktop-central/unauthenticated-servlet-access.html • CWE-306: Missing Authentication for Critical Function •