RSS   Vulnerabilities for 'Desktop central'   RSS

2021-09-21
 
CVE-2021-28960

CWE-77
 

 
ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution during communication with Notification Server.

 
2017-09-27
 
CVE-2015-8249

 

 
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.

 
2014-12-16
 
CVE-2014-9371

 

 
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.

 
2014-12-05
 
CVE-2014-3996

 

 
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.

 

 >>> Vendor: Manageengine 20 Products
Firewall analyzer
Passwordmanager pro
Opmanager
Opmanager msp
Eventlog analyzer
Applications manager
Servicedesk plus
Supportcenter plus
Oputils
Netflow analyzer
Password manager pro
Password manager pro6.1
Adaudit plus
Admanager plus
Assetexplorer
Device expert
Desktop central
It360
Supportcenter
Servicedesk


Copyright 2024, cxsecurity.com

 

Back to Top