417 matches found
Design/Logic Flaw
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack...
Directory traversal
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message...
CVE-2015-3001
SysAid Help Desk (SysAid Help Desk before 15.2) is affected by multiple vulnerabilities including CVE-2015-3001 (use of a hard-coded sa password: Password1) and CVE-2015-2993 (administrator account creation). The issues enable bypass of access restrictions and potential remote compromise; some en...
CVE-2015-2997
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message...
CVE-2015-3001
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...
CVE-2015-2995
CVE-2015-2995 affects SysAid Help Desk prior to 15.2, in the RdsLogsEntry servlet, where improper file-extension checking allows remote upload and execution of arbitrary files via a NULL byte after the extension (e.g., .war%00). Connected sources confirm a concrete exploit surface, including a Me...
CVE-2015-2997
SysAid Help Desk (pre-15.2) vulnerability CVE-2015-2997: an information-disclosure path vulnerability via the accountId parameter in getAgentLogFile can reveal installation paths. The CVE is leveraged by combined directory-traversal flaws (CVE-2015-2996) to enable arbitrary file download, demonst...
CVE-2015-2996
CVE-2015-2996 affects SysAid Help Desk prior to 15.2. It involves directory traversal vulnerabilities that allow remote attackers to read arbitrary files via .. in the fileName parameter to getGfiUpgradeFile, and to cause a denial of service via .. in the fileName parameter to calculateRdsFileChe...
CVE-2015-2993
SysAid Help Desk before 15.2 is affected by an access-control flaw that lets unauthenticated attackers (1) create administrator accounts via /createnewaccount and (2) write arbitrary files via the fileName parameter to /userentry. Public material confirms vulnerable versions and root cause as imp...
CVE-2015-2999
Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequest...
CVE-2015-2994
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/...
CVE-2015-2998
SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml...
CVE-2015-2996
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to...
CVE-2015-2993
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry...
CVE-2015-2995
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file...
CVE-2015-2999
CVE-2015-2999: SysAid Help Desk prior to 15.2 contains multiple SQL injection vulnerabilities. The injected vectors include (1) groupFilter in AssetDetails via /genericreport, (2) customSQL in TopAdministratorsByAverageTimer and (3) ActiveRequests via /genericreport, (4) dir parameter to HelpDesk...
CVE-2015-3000
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack...
CVE-2015-3000
SysAid Help Desk before 15.2 is affected by an XML Entity Expansion (XEE) vulnerability that can be triggered via requests to /agententry, /rdsmonitoringresponse, or /androidactions, allowing denial of service through large nested entity references. Root cause is improper handling of XML entities...
CVE-2015-2994
CVE-2015-2994 is an unrestricted file upload vulnerability in SysAid Help Desk’s ChangePhoto.jsp (before 15.2). An attacker with admin access can upload a .jsp and access it via icons/user_photo/, enabling arbitrary code execution on the server. Evidence of exploitation/PoCs exists (Metasploit mo...
CVE-2015-2998
SysAid Help Desk (before version 15.2) is affected by CVE-2015-2998 due to a hardcoded encryption key used to encrypt sensitive data. The vulnerability allows remote attackers to obtain sensitive information by decrypting the database password stored in WEB-INF/conf/serverConf.xml, as demonstrate...