Lucene search
K

4 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.288 views

SysAid Help Desk Arbitrary File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SysAid Help Desk Arbitrary File Download', 'Description' = %q This module exploits two vulnerabilities in SysAid Help Desk that allows an...

8.5CVSS7AI score0.86643EPSS
Exploits10
Circl
Circl
added 2018/05/29 3:50 p.m.9 views

CVE-2015-2997

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/sysaidfiledownload.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:39+00:00| seen|...

5CVSS5.5AI score0.57204EPSS
Exploits7References1
CVE
CVE
added 2015/06/08 2:0 p.m.79 views

CVE-2015-2997

SysAid Help Desk (pre-15.2) vulnerability CVE-2015-2997: an information-disclosure path vulnerability via the accountId parameter in getAgentLogFile can reveal installation paths. The CVE is leveraged by combined directory-traversal flaws (CVE-2015-2996) to enable arbitrary file download, demonst...

5CVSS6.1AI score0.57204EPSS
Exploits7References5Affected Software1
Metasploit
Metasploit
added 2015/06/03 8:59 p.m.65 views

SysAid Help Desk Arbitrary File Download

This module exploits two vulnerabilities in SysAid Help Desk that allows an unauthenticated user to download arbitrary files from the system. First, an information disclosure vulnerability CVE-2015-2997 is used to obtain the file system path, and then we abuse a directory traversal CVE-2015-2996 ...

8.5CVSS6.2AI score0.86643EPSS
Exploits10
Rows per page
Query Builder