Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sysaid help desk vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2022-22798
Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to...
Sysaid Sysaid
8.5
CVSSv2
CVE-2015-2996
Multiple directory traversal vulnerabilities in SysAid Help Desk prior to 15.2 allow remote malicious users to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot do...
Sysaid Sysaid
1 EDB exploit
2 Metasploit modules
7.8
CVSSv2
CVE-2015-3000
SysAid Help Desk prior to 15.2 allows remote malicious users to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expan...
Sysaid Sysaid
1 EDB exploit
7.5
CVSSv2
CVE-2015-2993
SysAid Help Desk prior to 15.2 does not properly restrict access to certain functionality, which allows remote malicious users to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.
Sysaid Sysaid
1 EDB exploit
6.8
CVSSv2
CVE-2015-2995
The RdsLogsEntry servlet in SysAid Help Desk prior to 15.2 does not properly check file extensions, which allows remote malicious users to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.
Sysaid Sysaid
2 EDB exploits
6.5
CVSSv2
CVE-2015-2994
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk prior to 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
Sysaid Sysaid
2 EDB exploits
6.5
CVSSv2
CVE-2015-2999
Multiple SQL injection vulnerabilities in SysAid Help Desk prior to 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer repor...
Sysaid Sysaid
1 EDB exploit
5
CVSSv2
CVE-2015-2998
SysAid Help Desk prior to 15.2 uses a hardcoded encryption key, which makes it easier for remote malicious users to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.
Sysaid Sysaid
1 EDB exploit
5
CVSSv2
CVE-2015-3001
SysAid Help Desk prior to 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
Sysaid Sysaid
1 EDB exploit
5
CVSSv2
CVE-2015-2997
SysAid Help Desk prior to 15.2 allows remote malicious users to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.
Sysaid Sysaid
1 EDB exploit
2 Metasploit modules
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »