CVE-2018-5338
https://notcve.org/view.php?id=CVE-2018-5338
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de falta de autenticación/autorización para un mecanismo de consulta de base de datos. • https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central • CWE-306: Missing Authentication for Critical Function •
CVE-2018-5337
https://notcve.org/view.php?id=CVE-2018-5337
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de salto de directorio en el campo SCRIPT_NAME al modificar scripts existentes. • https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-5339
https://notcve.org/view.php?id=CVE-2018-5339
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de aplicación insuficiente de restricciones de tipo consulta de base de datos. • https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central • CWE-306: Missing Authentication for Critical Function •
CVE-2018-5342
https://notcve.org/view.php?id=CVE-2018-5342
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. Se ha descubierto un problema en Zoho ManageEngine Desktop Central 10.0.124 y 10.0.184 de ejecución de servicios de red (Desktop Central y PostgreSQL) con una cuenta de superusuario. • https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-8722
https://notcve.org/view.php?id=CVE-2018-8722
Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. Zoho ManageEngine Desktop Central, en su versión 9.1.0 build 91099, tiene múltiples problemas de Cross-Site Scripting (XSS) que se solucionaron en la build 92026. • https://www.manageengine.com/products/desktop-central/cross-site-scripting-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •