CVEs-PoC/2021/CVE-2021-42956.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.0 KiB

Raw Permalink Blame History

CVE-2021-42956

Description

Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.

POC

Reference

https://medium.com/nestedif/vulnerability-disclosure-sensitive-info-leakage-agent-memory-dump-zoho-r-a-p-3d5ebc8928af

Github

https://github.com/ARPSyndicate/cvemon

1.0 KiB Raw Permalink Blame History

CVE-2021-42956

Description

POC

Reference

Github

1.0 KiB

Raw Permalink Blame History