4 matches found
SysAid Help Desk Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SysAid Help Desk Arbitrary File Download', 'Description' = %q This module exploits two vulnerabilities in SysAid Help Desk that allows an...
CVE-2015-2997
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/sysaidfiledownload.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:39+00:00| seen|...
CVE-2015-2997
SysAid Help Desk (pre-15.2) vulnerability CVE-2015-2997: an information-disclosure path vulnerability via the accountId parameter in getAgentLogFile can reveal installation paths. The CVE is leveraged by combined directory-traversal flaws (CVE-2015-2996) to enable arbitrary file download, demonst...
SysAid Help Desk Arbitrary File Download
This module exploits two vulnerabilities in SysAid Help Desk that allows an unauthenticated user to download arbitrary files from the system. First, an information disclosure vulnerability CVE-2015-2997 is used to obtain the file system path, and then we abuse a directory traversal CVE-2015-2996 ...