sysaid sysaid vulnerabilities and exploits
605
VMScore
CVE-2021-43972
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated malicious user to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters i...
Sysaid Sysaid 20.4.74
445
VMScore
CVE-2021-43974
An issue exists in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable ano...
Sysaid Itil 20.4.74
445
VMScore
CVE-2021-36721
SysAid API user enumeration: in versions prior to 21.3.60, an attacker sending requests to a specific API path without any authorization could get user names from the LDAP server.
Sysaid Application Programming Interface
383
VMScore
CVE-2021-31862
SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
Sysaid Sysaid 20.4.74
1 GitHub repository
383
VMScore
CVE-2021-30049
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
Sysaid Sysaid 20.3.64
578
VMScore
CVE-2021-30486
SysAid 20.3.64 b14 is affected by blind and stacked SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).
Sysaid Sysaid 20.3.64
383
VMScore
CVE-2020-13168
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.
Sysaid Sysaid On-premises 5.0
Sysaid Sysaid On-premises 5.5.06
Sysaid Sysaid On-premises 5.6
Sysaid Sysaid On-premises 6.0.9
Sysaid Sysaid On-premises 6.5
Sysaid Sysaid On-premises 7.0
Sysaid Sysaid On-premises 7.5
Sysaid Sysaid On-premises 8.0
Sysaid Sysaid On-premises 8.1
Sysaid Sysaid On-premises 8.5
Sysaid Sysaid On-premises 9.0.10
Sysaid Sysaid On-premises 9.0.30
Sysaid Sysaid On-premises 9.0.40
Sysaid Sysaid On-premises 9.0.52
Sysaid Sysaid On-premises 9.0.53
Sysaid Sysaid On-premises 9.1.0
Sysaid Sysaid On-premises 14.1
Sysaid Sysaid On-premises 14.2
Sysaid Sysaid On-premises 14.3
Sysaid Sysaid On-premises 14.4.00
Sysaid Sysaid On-premises 14.4.1
Sysaid Sysaid On-premises 14.4.2
890
VMScore
CVE-2020-10569
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may...
Sysaid On-premise 20.1.11
755
VMScore
CVE-2015-2993
SysAid Help Desk prior to 15.2 does not properly restrict access to certain functionality, which allows remote malicious users to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.
Sysaid Sysaid
1 EDB exploit
660
VMScore
CVE-2015-2994
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk prior to 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
Sysaid Sysaid
2 EDB exploits