CVE-2018-5341
https://notcve.org/view.php?id=CVE-2018-5341
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de falta de comprobación del lado del servidor en la extensión/tipo de archivo al subir y modificar scripts. • https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central • CWE-20: Improper Input Validation •
CVE-2018-5340
https://notcve.org/view.php?id=CVE-2018-5340
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries). Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de acceso a la base de datos mediante una cuenta de superusuario (concretamente, una cuenta con permisos para escribir en el sistema de archivos mediante consultas SQL). • https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central •
CVE-2018-5338
https://notcve.org/view.php?id=CVE-2018-5338
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de falta de autenticación/autorización para un mecanismo de consulta de base de datos. • https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central • CWE-306: Missing Authentication for Critical Function •
CVE-2018-5337
https://notcve.org/view.php?id=CVE-2018-5337
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de salto de directorio en el campo SCRIPT_NAME al modificar scripts existentes. • https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-5339
https://notcve.org/view.php?id=CVE-2018-5339
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de aplicación insuficiente de restricciones de tipo consulta de base de datos. • https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central • CWE-306: Missing Authentication for Critical Function •