CVSS: 6.8EPSS: 90%CPEs: 1EXPL: 5CVE-2015-2995 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2995
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. El servlet RdsLogsEntry en SysAid Help Desk en versiones anteriores a 15.2 no verifica adecuadamente las extensiones de archivo, lo que permite a atacantes remotos cargar y ejecutar archivos a través de un byte NULL después de la extensión, según lo demostrado por un archivo .war%00. SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities. • https://www.exploit-db.com/exploits/43885 https://www.exploit-db.com/exploits/37667 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.rapid7.com/db/modules/exploit/multi/http/sysaid_rdslogs_file_upload http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 3CVE-2015-3000 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-3000
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack. SysAid Help Desk anterior a 15.2 permite a atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) a través de un número grande de referencias de entidad anidadas en un documento XML en (1) /agententry, (2) /rdsmonitoringresponse, o (3) /androidactions, también conocido como un ataque de la expansión de entidad XML (XEE). SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities. • https://www.exploit-db.com/exploits/43885 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 81%CPEs: 1EXPL: 3CVE-2015-2993 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2993
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. SysAid Help Desk anterior a 15.2 no restringe correctamente el acceso a cierta funcionalidad, lo que permite a atacantes remotos (1) crear cuentas de administradores a través de una solicitud manipulada a /createnewaccount o (2) escribir en ficheros arbitrarios a través del parámetro fileName en /userentry. SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities. • https://www.exploit-db.com/exploits/43885 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 4CVE-2014-9436 – SysAid Server - Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2014-9436
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. Vulnerabilidad de recorrido de directorio absoluto en SysAid On-Premise anterior a 14.4.2 permite a atacantes remotos leer ficheros arbitrarios a través de un \\\\ (cuatro barras invertidas) en el parámetro fileName en getRdsLogFile. • https://www.exploit-db.com/exploits/35593 http://packetstormsecurity.com/files/129705/SysAid-Server-Arbitrary-File-Disclosure.html http://seclists.org/fulldisclosure/2014/Dec/99 http://www.exploit-db.com/exploits/35593 https://exchange.xforce.ibmcloud.com/vulnerabilities/99456 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2179
https://notcve.org/view.php?id=CVE-2008-2179
Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid 5.1.08 allows remote attackers to inject arbitrary web script or HTML via the searchField parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SystemList.jsp de SysAid 5.1.08; permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través del parámetro searchField. NOTA: se desconoce el origen de esta información; los detalles han sido obtenidos únicamente de fuentes de terceros. • http://secunia.com/advisories/30074 http://www.securityfocus.com/bid/29037 https://exchange.xforce.ibmcloud.com/vulnerabilities/42243 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •