CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3CVE-2015-2997 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2997
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message. SysAid Help Desk anterior a 15.2 permite a atacantes remotos obtener información sensible a través de un valor inválido en el parámetro accountid en getAgentLogFile, tal y como fue demostrado por una secuencia grande de salto de directorio, lo que revela la ruta de instalación en un mensaje de error. SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities. • https://www.exploit-db.com/exploits/43885 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk https://seclists.org/fulldisclosure/2015/Jun/8 https://github.com/pedrib/PoC/blob/master/adv • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 90%CPEs: 1EXPL: 5CVE-2015-2995 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2995
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. El servlet RdsLogsEntry en SysAid Help Desk en versiones anteriores a 15.2 no verifica adecuadamente las extensiones de archivo, lo que permite a atacantes remotos cargar y ejecutar archivos a través de un byte NULL después de la extensión, según lo demostrado por un archivo .war%00. SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities. • https://www.exploit-db.com/exploits/43885 https://www.exploit-db.com/exploits/37667 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.rapid7.com/db/modules/exploit/multi/http/sysaid_rdslogs_file_upload http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 3CVE-2015-3000 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-3000
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack. SysAid Help Desk anterior a 15.2 permite a atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) a través de un número grande de referencias de entidad anidadas en un documento XML en (1) /agententry, (2) /rdsmonitoringresponse, o (3) /androidactions, también conocido como un ataque de la expansión de entidad XML (XEE). SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities. • https://www.exploit-db.com/exploits/43885 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 81%CPEs: 1EXPL: 3CVE-2015-2993 – SysAid Help Desk 14.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2993
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. SysAid Help Desk anterior a 15.2 no restringe correctamente el acceso a cierta funcionalidad, lo que permite a atacantes remotos (1) crear cuentas de administradores a través de una solicitud manipulada a /createnewaccount o (2) escribir en ficheros arbitrarios a través del parámetro fileName en /userentry. SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities. • https://www.exploit-db.com/exploits/43885 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 4CVE-2014-9436 – SysAid Server - Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2014-9436
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. Vulnerabilidad de recorrido de directorio absoluto en SysAid On-Premise anterior a 14.4.2 permite a atacantes remotos leer ficheros arbitrarios a través de un \\\\ (cuatro barras invertidas) en el parámetro fileName en getRdsLogFile. • https://www.exploit-db.com/exploits/35593 http://packetstormsecurity.com/files/129705/SysAid-Server-Arbitrary-File-Disclosure.html http://seclists.org/fulldisclosure/2014/Dec/99 http://www.exploit-db.com/exploits/35593 https://exchange.xforce.ibmcloud.com/vulnerabilities/99456 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •