13 matches found
CVE-2025-67223
The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...
CVE-2025-67223
The CVE concerns the Aranda File Server (AFS) component in Aranda Software Aranda Service Desk prior to 8.3.12. It stores daily activity logs with predictable names in a publicly accessible directory, enabling unauthenticated remote attackers to obtain direct virtual paths to uploaded files and b...
CVE-2025-67223
The Aranda File Server AFS component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...
Aranda Service Desk 安全漏洞
Aranda Service Desk is an IT service management and helpdesk system provided by the American company Aranda. Versions of Aranda Service Desk prior to 8.3.12 contained security vulnerabilities. These vulnerabilities stemmed from the Aranda File Server component storing daily activity logs in a...
CVE-2025-70995
An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...
EUVD-2025-208329
An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...
CVE-2025-70995
An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...
CVE-2025-70995
An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...
CVE-2025-70995
An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...
PT-2026-23513
Name of the Vulnerable Software and Affected Versions Aranda Service Desk Web Edition ASDK API version 8.6 Description An issue allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file ...
CVE-2025-70995
CVE-2025-70995 concerns Aranda Service Desk Web Edition (ASDK API 8.6). An authenticated user can upload a crafted web.config via POST to /ASDKAPI/api/v8.6/item/addfile, which is processed by the ASP.NET runtime, altering the upload directory’s execution context to allow compilation and execution...
CVE-2025-70995
An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...
Aranda Service Desk Web Edition 安全漏洞
Aranda Service Desk Web Edition is a process management support system developed by the American company Aranda. There is a security vulnerability in Aranda Service Desk Web Edition, which stems from improper validation of uploaded files, potentially allowing remote code execution...