CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 1CVE-2018-11716
https://notcve.org/view.php?id=CVE-2018-11716
16 Jul 2018 — An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 100230. Hay un acceso remoto no autenticado a todos los archivos de registro de una instancia Desktop ... • https://blog.netxp.fr/manageengine-deep-exploitation • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 1CVE-2018-11717
https://notcve.org/view.php?id=CVE-2018-11717
16 Jul 2018 — An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID ... • https://blog.netxp.fr/manageengine-deep-exploitation • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 14%CPEs: 1EXPL: 5CVE-2018-12999 – Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion
https://notcve.org/view.php?id=CVE-2018-12999
29 Jun 2018 — Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. Un control de acceso incorrecto en AgentTrayIconServlet en Zoho ManageEngine Desktop Central 10.0.255 permite a los atacantes borrar determinados archivos en el servidor web sin tener que iniciar sesión enviando una petición espec... • https://packetstorm.news/files/id/148635 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 10%CPEs: 2EXPL: 1CVE-2018-5337
https://notcve.org/view.php?id=CVE-2018-5337
18 Apr 2018 — An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de salto de directorio en el campo SCRIPT_NAME al modificar scripts existentes. • https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 1CVE-2018-5338
https://notcve.org/view.php?id=CVE-2018-5338
18 Apr 2018 — An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de falta de autenticación/autorización para un mecanismo de consulta de base de datos. • https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2018-5339
https://notcve.org/view.php?id=CVE-2018-5339
18 Apr 2018 — An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de aplicación insuficiente de restricciones de tipo consulta de base de datos. • https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.2EPSS: 7%CPEs: 2EXPL: 1CVE-2018-5340
https://notcve.org/view.php?id=CVE-2018-5340
18 Apr 2018 — An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries). Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de acceso a la base de datos mediante una cuenta de superusuario (concretamente, una cuenta con permisos para escribir en el sistema de archivos mediante consultas SQL). • https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html •
CVSS: 9.8EPSS: 8%CPEs: 2EXPL: 1CVE-2018-5341
https://notcve.org/view.php?id=CVE-2018-5341
18 Apr 2018 — An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de falta de comprobación del lado del servidor en la extensión/tipo de archivo al subir y modificar scripts. • https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 2%CPEs: 2EXPL: 1CVE-2018-5342
https://notcve.org/view.php?id=CVE-2018-5342
18 Apr 2018 — An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de ejecución de servicios de red (Desktop Central y PostgreSQL) con una cuenta de superusuario. • https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2018-8722
https://notcve.org/view.php?id=CVE-2018-8722
15 Mar 2018 — Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. Zoho ManageEngine Desktop Central, en su versión 9.1.0 build 91099, tiene múltiples problemas de Cross-Site Scripting (XSS) que se solucionaron en la build 92026. • https://www.manageengine.com/products/desktop-central/cross-site-scripting-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •