415 matches found

Cvelist
added 2022/01/11 7:20 p.m., 16 views

CVE-2021-43973

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file...

8.6 AI score, 0.01707 EPSS
Exploits: 0, References: 3
CVE
added 2022/01/11 7:20 p.m., 57 views

CVE-2021-43973

This CVE concerns SysAid ITIL 20.4.74 b10, where UploadPsIcon.jsp is vulnerable to an unrestricted file upload. An authenticated remote attacker can upload an arbitrary file via the file parameter in an HTTP POST, with the server returning the uploaded file’s absolute path. The issue affects the ...

8.8 CVSS, 8.3 AI score, 0.01707 EPSS
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2022/01/11 7:19 p.m., 62 views

CVE-2021-43972

CVE-2021-43972 concerns SysAid ITIL 20.4.74 b10. The vulnerability is an unrestricted file copy in /UserSelfServiceSettings.jsp, exploitable by a remote authenticated attacker who can copy arbitrary server files to the web root via tempFile and fileName in the HTTP POST body. The root cause is in...

6.8 CVSS, 6.2 AI score, 0.01465 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2022/01/11 7:19 p.m., 16 views

CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...

6.5 AI score, 0.01465 EPSS
Exploits: 0, References: 3
Cvelist
added 2022/01/11 7:17 p.m., 13 views

CVE-2021-43971

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter...

9 AI score, 0.01744 EPSS
Exploits: 1, References: 3
CVE
added 2022/01/11 7:17 p.m., 51 views

CVE-2021-43971

CVE-2021-43971 is a SQL injection vulnerability in SysAid ITIL, affecting SysAid ITIL 20.4.74 b10. The issue is exploitable via the filterText parameter in /mobile/SelectUsers.jsp, allowing a remote authenticated attacker to execute arbitrary SQL commands. The connected documents confirm the aff...

8.8 CVSS, 8.8 AI score, 0.01744 EPSS
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2022/01/11 12:0 a.m., 2 views

Sysaid Technologies SysAid code issue vulnerability

SysAid ITIL version 20.4.74 b10 is vulnerable to file upload because UploadPsIcon.jsp does not properly validate uploaded files. A remote authenticated attacker can exploit this vulnerability to upload arbitrary files via the file parameter in the HTTP POST body...

8.8 CVSS, 5.9 AI score, 0.01707 EPSS
Exploits: 0, References: 4
CNNVD
added 2022/01/11 12:0 a.m., 1 views

Sysaid Technologies SysAid SQL injection vulnerability

Sysaid Technologies SysAid is an IT service management solution from Israel-based SysAid Technologies. A SQL injection vulnerability exists in SysAid ITIL, which can be exploited by attackers to execute arbitrary SQL commands via the filterText parameter...

8.8 CVSS, 6.3 AI score, 0.01744 EPSS
Exploits: 1, References: 4
CNNVD
added 2022/01/11 12:0 a.m., 3 views

Sysaid Technologies SysAid security vulnerability

Sysaid Technologies SysAid is an IT service management solution from the Israeli company SysAid Technologies. A security vulnerability exists in SysAid ITIL, which could be exploited by an attacker to copy arbitrary files on the server file system to the Web root via the HTTP...

6.8 CVSS, 5.9 AI score, 0.01465 EPSS
Exploits: 0, References: 4
CNNVD
added 2022/01/11 12:0 a.m., 2 views

Sysaid Technologies SysAid access control error vulnerability

Sysaid Technologies SysAid is an IT service management solution from the Israeli company SysAid Technologies. A security vulnerability in SysAid ITIL could be exploited by an attacker to publish registration data to create new accounts without prior authentication...

5.3 CVSS, 5.6 AI score, 0.01416 EPSS
Exploits: 1, References: 4
CNVD
added 2021/12/19 12:0 a.m., 15 views

SysAid authorization issue vulnerability

Sysaid Technologies SysAid is a suite of IT service management solutions from Israel-based SysAid Technologies. An authorization issue vulnerability exists in the Sysaid API in versions prior to 21.3.60, which stems from a lack of authentication measures or insufficient...

5.3 CVSS, 2.3 AI score, 0.00444 EPSS
Exploits: 0, References: 1
OSV
added 2021/12/14 2:15 p.m., 1 views

CVE-2021-36721

Sysaid API User Enumeration - An attacker sending requests to a specific API path without any authorization, in versions before 21.3.60, could get user names from the LDAP server...

5.3 CVSS, 6.1 AI score
Exploits: 0, References: 1
NVD
added 2021/12/14 2:15 p.m., 9 views

CVE-2021-36721

Sysaid API User Enumeration - An attacker sending requests to a specific API path without any authorization, in versions before 21.3.60, could get user names from the LDAP server...

5.3 CVSS, 0.00444 EPSS
Exploits: 0, References: 1
Prion
added 2021/12/14 2:15 p.m., 15 views

Authorization

Sysaid API User Enumeration - An attacker sending requests to a specific API path without any authorization, in versions before 21.3.60, could get user names from the LDAP server...

5 CVSS, 5.2 AI score, 0.00444 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2021/12/14 1:59 p.m., 10 views

CVE-2021-36721 Sysaid - Sysaid API User Enumeration

Sysaid API User Enumeration - An attacker sending requests to a specific API path without any authorization, in versions before 21.3.60, could get user names from the LDAP server...

4.4 CVSS, 5.5 AI score, 0.00444 EPSS
Exploits: 0, References: 1
CVE
added 2021/12/14 1:59 p.m., 44 views

CVE-2021-36721

SysAid IT service management product: authorization issue in the SysAid API prior to version 21.3.60. Root cause is insufficient authentication on a specific API path, allowing an attacker to retrieve usernames from an LDAP server. Affected: versions before 21.3.60. Impact: potential disclosure o...

5.3 CVSS, 4.9 AI score, 0.00444 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2021/12/14 12:0 a.m., 2 views

SysAid authorization issue vulnerability

Sysaid Technologies SysAid is a suite of IT service management solutions from Israel-based SysAid Technologies. An authorization issue vulnerability exists in the Sysaid API in versions prior to 21.3.60, which stems from a lack of authentication measures or insufficient...

5.3 CVSS, 5.6 AI score, 0.00444 EPSS
Exploits: 0, References: 2
OSV
added 2021/10/29 11:15 a.m., 3 views

CVE-2021-31862

SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication...

6.1 CVSS, 5.8 AI score, 0.03922 EPSS
Exploits: 2, References: 2
NVD
added 2021/10/29 11:15 a.m., 8 views

CVE-2021-31862

SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication...

6.1 CVSS, 0.03922 EPSS
Exploits: 2, References: 2
Prion
added 2021/10/29 11:15 a.m., 15 views

Authentication flaw

SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication...

4.3 CVSS, 5.9 AI score, 0.03922 EPSS
Exploits: 2, References: 2, Affected Software: 1