Page 8 of 46 results (0.007 seconds)

CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de aplicación insuficiente de restricciones de tipo consulta de base de datos. • https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de ejecución de servicios de red (Desktop Central y PostgreSQL) con una cuenta de superusuario. • https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. Zoho ManageEngine Desktop Central, en su versión 9.1.0 build 91099, tiene múltiples problemas de Cross-Site Scripting (XSS) que se solucionaron en la build 92026. • https://www.manageengine.com/products/desktop-central/cross-site-scripting-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0

Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157. Una revelación de información remota y un escalado de privilegios en ManageEngine Desktop Central MSP 10.0.137 permiten que atacantes descarguen archivos XML sin cifrar que contienen todos los datos de las políticas de configuración mediante una URL /client-data//collections/##/usermgmt.xml predecible, tal y como demuestran las contraseñas y las claves Wi-Fi. Esto se ha solucionado en la build 100157. • https://github.com/snoonan77/security-research/blob/master/CVE-2017-16924 https://www.manageengine.com/desktop-management-msp/password-encryption-policy-violation.html • CWE-330: Use of Insufficiently Random Values •

CVSS: 9.8EPSS: 15%CPEs: 1EXPL: 1

Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. Desktop Central antes del build 100092 de Zoho ManageEngine, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores que involucran la carga de videos de soporte al usuario. • https://www.exploit-db.com/exploits/42358 https://www.manageengine.com/products/desktop-central/remote-code-execution.html • CWE-20: Improper Input Validation •