Skip to main content

Desktop Central

3 CVEs product

Monthly

CVE-2021-28960 CRITICAL Act Now

Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Command Injection Desktop Central
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2015-8249 CRITICAL POC THREAT Emergency

The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.2%.

File Upload Zoho Desktop Central
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.2%
Threat
5.9
CVE-2014-3996 HIGH POC THREAT Act Now

SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.2%.

Zoho SQLi It360 Password Manager Pro Desktop Central
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
71.2%
Threat
5.1
EPSS 2% CVSS 9.8
CRITICAL Act Now

Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Command Injection Desktop Central
NVD
EPSS 80% 5.9 CVSS 9.8
CRITICAL POC THREAT Emergency

The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.2%.

File Upload Zoho Desktop Central
NVD Exploit-DB
EPSS 71% 5.1 CVSS 7.5
HIGH POC THREAT Act Now

SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.2%.

Zoho SQLi It360 +2
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy