CVE-2015-2994 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2994
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/43885
• https://www.exploit-db.com/exploits/41691
• http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
• http://seclists.org/fulldisclosure/2015/Jun/8
• http://www.securityfocus.com/archive/1/535679/100/0/threaded
• http://www.securityfocus.com/bid/75038
• https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
• https://seclists.org/fulldisclosure/2015/Jun/8
CVE-2015-2996 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2996
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.
• https://www.exploit-db.com/exploits/43885
• http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
• http://seclists.org/fulldisclosure/2015/Jun/8
• http://www.securityfocus.com/archive/1/535679/100/0/threaded
• http://www.securityfocus.com/bid/75038
• https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
• https://seclists.org/fulldisclosure/2015/Jun/8
• https://github.com/pedrib/PoC/blob/master/adv
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-3001 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-3001
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/43885
• http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
• http://seclists.org/fulldisclosure/2015/Jun/8
• http://www.securityfocus.com/archive/1/535679/100/0/threaded
• http://www.securityfocus.com/bid/75035
• https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
• CWE-255: Credentials Management Errors
CVE-2015-2999 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2999
Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp.
SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/43885
• http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
• http://seclists.org/fulldisclosure/2015/Jun/8
• http://www.securityfocus.com/archive/1/535679/100/0/threaded
• http://www.securityfocus.com/bid/75038
• https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-2998 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2998
SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.
SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/43885
• http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
• http://seclists.org/fulldisclosure/2015/Jun/8
• http://www.securityfocus.com/archive/1/535679/100/0/threaded
• http://www.securityfocus.com/bid/75035
• https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
• https://seclists.org/fulldisclosure/2015/Jun/8
• https://github.com/pedrib/PoC/blob/master/adv
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor