Vulnerabilities (CVE)

Filtered by vendor Zoho Subscribe
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-37225 1 Zoho 1 Marketing Automation 2024-11-21 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation.This issue affects Zoho Marketing Automation: from n/a through 1.2.7.
CVE-2021-42956 2 Microsoft, Zoho 2 Windows, Manageengine Remote Access Plus Server 2024-11-21 6.5 MEDIUM 7.8 HIGH
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.
CVE-2019-5963 1 Zoho 1 Salesiq 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-5962 1 Zoho 1 Salesiq 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-19306 1 Zoho 1 Lead Magnet 2024-11-21 3.5 LOW 5.4 MEDIUM
The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName.
CVE-2019-15645 1 Zoho 1 Salesiq 2024-11-21 6.8 MEDIUM 8.8 HIGH
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.
CVE-2019-15644 1 Zoho 1 Salesiq 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.
CVE-2014-6686 1 Zoho 1 Zoho Books - Accounting App 2024-11-21 5.4 MEDIUM N/A
The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2024-5466 2 Zoho, Zohocorp 4 Manageengine Remote Monitoring And Management, Manageengine Opmanager, Manageengine Opmanager Msp and 1 more 2024-08-27 N/A 8.8 HIGH
Zohocorp ManageEngine OpManager andĀ Remote Monitoring and Management versionsĀ 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.