sysaid sysaid vulnerabilities and exploits
6.5
CVSSv2
CVE-2021-43971
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated malicious user to execute arbitrary SQL commands via the filterText parameter.
Sysaid Sysaid 20.4.74
6.5
CVSSv2
CVE-2021-43973
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated malicious user to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path ...
Sysaid Sysaid 20.4.74
6.5
CVSSv2
CVE-2021-30486
SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).
Sysaid Sysaid 20.3.64
6.5
CVSSv2
CVE-2015-2994
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk prior to 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
Sysaid Sysaid
2 EDB exploits
6.5
CVSSv2
CVE-2015-2999
Multiple SQL injection vulnerabilities in SysAid Help Desk prior to 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer repor...
Sysaid Sysaid
1 EDB exploit
5.8
CVSSv2
CVE-2022-22797
Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from "GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible whe...
Sysaid Sysaid
5
CVSSv2
CVE-2021-43974
An issue exists in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable ano...
Sysaid Itil 20.4.74
5
CVSSv2
CVE-2021-36721
Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization prior to 21.3.60 version could get users names from the LDAP server.
Sysaid Application Programming Interface
5
CVSSv2
CVE-2015-2997
SysAid Help Desk prior to 15.2 allows remote malicious users to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.
Sysaid Sysaid
1 EDB exploit
2 Metasploit modules
5
CVSSv2
CVE-2015-2998
SysAid Help Desk prior to 15.2 uses a hardcoded encryption key, which makes it easier for remote malicious users to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.
Sysaid Sysaid
1 EDB exploit