CVSS: 6.8EPSS: 90%CPEs: 1EXPL: 5CVE-2015-2995 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2995
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. El servlet RdsLogsEntry en SysAid Help Desk en versiones anteriores a 15.2 no verifica adecuadamente las extensiones de archivo, lo que permite a atacantes remotos cargar y ejecutar archivos a través de un byte NULL después de la extensión, según lo demostrado por un archivo .war%00. SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities. • https://www.exploit-db.com/exploits/43885 https://www.exploit-db.com/exploits/37667 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.rapid7.com/db/modules/exploit/multi/http/sysaid_rdslogs_file_upload http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 3CVE-2015-3000 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-3000
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack. SysAid Help Desk anterior a 15.2 permite a atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) a través de un número grande de referencias de entidad anidadas en un documento XML en (1) /agententry, (2) /rdsmonitoringresponse, o (3) /androidactions, también conocido como un ataque de la expansión de entidad XML (XEE). SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities. • https://www.exploit-db.com/exploits/43885 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 81%CPEs: 1EXPL: 3CVE-2015-2993 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2993
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. SysAid Help Desk anterior a 15.2 no restringe correctamente el acceso a cierta funcionalidad, lo que permite a atacantes remotos (1) crear cuentas de administradores a través de una solicitud manipulada a /createnewaccount o (2) escribir en ficheros arbitrarios a través del parámetro fileName en /userentry. SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities. • https://www.exploit-db.com/exploits/43885 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 4CVE-2014-9436 – SysAid Server - Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2014-9436
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. Vulnerabilidad de recorrido de directorio absoluto en SysAid On-Premise anterior a 14.4.2 permite a atacantes remotos leer ficheros arbitrarios a través de un \\\\ (cuatro barras invertidas) en el parámetro fileName en getRdsLogFile. • https://www.exploit-db.com/exploits/35593 http://packetstormsecurity.com/files/129705/SysAid-Server-Arbitrary-File-Disclosure.html http://seclists.org/fulldisclosure/2014/Dec/99 http://www.exploit-db.com/exploits/35593 https://exchange.xforce.ibmcloud.com/vulnerabilities/99456 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5259
https://notcve.org/view.php?id=CVE-2007-5259
Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Ilient SysAid 4.5.03 y 4.5.04 permite a atacantes remotos llevar a cabo algunas acciones como administradores, como se demostró con el cambio de la contraseña de administrador. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos a partir de la información de terceros. • http://osvdb.org/37663 http://secunia.com/advisories/27026 http://www.securityfocus.com/bid/25885 • CWE-352: Cross-Site Request Forgery (CSRF) •