Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sysaid sysaid vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2015-2994
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk prior to 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
Sysaid Sysaid
2 EDB exploits
6.8
CVSSv2
CVE-2015-2995
The RdsLogsEntry servlet in SysAid Help Desk prior to 15.2 does not properly check file extensions, which allows remote malicious users to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.
Sysaid Sysaid
2 EDB exploits
5
CVSSv2
CVE-2015-2998
SysAid Help Desk prior to 15.2 uses a hardcoded encryption key, which makes it easier for remote malicious users to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.
Sysaid Sysaid
1 EDB exploit
5
CVSSv2
CVE-2015-3001
SysAid Help Desk prior to 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
Sysaid Sysaid
1 EDB exploit
8.5
CVSSv2
CVE-2015-2996
Multiple directory traversal vulnerabilities in SysAid Help Desk prior to 15.2 allow remote malicious users to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot do...
Sysaid Sysaid
1 EDB exploit
2 Metasploit modules
5
CVSSv2
CVE-2015-2997
SysAid Help Desk prior to 15.2 allows remote malicious users to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.
Sysaid Sysaid
1 EDB exploit
2 Metasploit modules
6.5
CVSSv2
CVE-2015-2999
Multiple SQL injection vulnerabilities in SysAid Help Desk prior to 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer repor...
Sysaid Sysaid
1 EDB exploit
4.3
CVSSv2
CVE-2022-23165
Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an malicious user to exploit this Cross-Site Scripting vu...
Sysaid Sysaid
6.5
CVSSv2
CVE-2021-30486
SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).
Sysaid Sysaid 20.3.64
4.3
CVSSv2
CVE-2021-30049
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
Sysaid Sysaid 20.3.64
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »