
CVSS: 6.1 | EPSS: 0% | CPEs: 38 | EXPL: 1

SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.
• https://github.com/lodestone-security/CVEs/tree/master/CVE-2020-13168 https://www.sysaid.com/product/on-premise/latest-release
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

** DISPUTED ** SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate of CVE-2020-1938.
• http://packetstormsecurity.com/files/157314/Sysaid-20.1.11-b26-Remote-Command-Execution.html https://www.sysaid.com/product/on-premise/20-2/release-notes
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.5 | EPSS: 81% | CPEs: 1 | EXPL: 3

SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/43885 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.5 | EPSS: 87% | CPEs: 1 | EXPL: 4

Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/. SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/43885 https://www.exploit-db.com/exploits/41691 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk https://seclists.org/fulldisclosure/2015/Jun/8

CVSS: 6.8 | EPSS: 90% | CPEs: 1 | EXPL: 5

The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.
• https://www.exploit-db.com/exploits/43885 https://www.exploit-db.com/exploits/37667 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Jun/8 http://www.rapid7.com/db/modules/exploit/multi/http/sysaid_rdslogs_file_upload http://www.securityfocus.com/archive/1/535679/100/0/threaded http://www.securityfocus.com/bid/75038 https://www.sysaid.com/blog/entry/sysaid-15-2&#
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')