ShaunNoonan/security-research

Releases0

Misc repo for security research and disclosures

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2017-16924 ↗	Feb 19, 2018Monday, 19 February 2018, 04:29	—	5 MEDIUM
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.