Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged-in user, so a memory dump can also be taken by a non-admin user. Remotely, an attacker can dump all sensitive information, including the DB connection string, entire IT infrastructure details, and commands executed by the IT admin, including credentials, secrets, private keys and more.
Max CVSS: 8.8 | EPSS Score: 0.08% | Published: 2021-11-17 | Updated: 2021-11-18
The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.
Max CVSS: 5.4 | EPSS Score: 0.13% | Published: 2019-11-26 | Updated: 2023-02-27
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2019-08-27 | Updated: 2019-08-28
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-08-27 | Updated: 2019-08-28
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Max CVSS: 8.8 | EPSS Score: 0.26% | Published: 2019-07-05 | Updated: 2022-07-29
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 6.1 | EPSS Score: 0.14% | Published: 2019-07-05 | Updated: 2022-07-29
The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2014-09-23 | Updated: 2014-10-03
7 vulnerabilities found