417 matches found
MAL-2025-1943 Malicious code in sysaid-query-data (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in sysaid-components-lib (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-1942 Malicious code in sysaid-components-lib (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in sysaid-infra-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32067df7060881cbe716c03dd7dc8c3b443263f314412e89e99a435622227b1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1463 Malicious code in sysaid-infra-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32067df7060881cbe716c03dd7dc8c3b443263f314412e89e99a435622227b1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-20233
Name of the Vulnerable Software and Affected Versions SysAid On-Prem versions 23.3.40 and earlier Description SysAid On-Prem software is affected by an unauthenticated XML External Entity XXE issue in the lshw processing functionality. Exploitation of this issue may allow a remote attacker to tak...
PT-2025-20134
Name of the Vulnerable Software and Affected Versions SysAid On-Prem versions 23.3.40 and earlier Description SysAid On-Prem is affected by an unauthenticated XML External Entity XXE issue in the Server URL processing functionality. This allows for administrator account takeover and file read...
PT-2025-20068
Name of the Vulnerable Software and Affected Versions SysAid On-Prem versions 23.3.40 and earlier Description SysAid On-Prem is affected by an unauthenticated XML External Entity XXE issue in the Checkin processing functionality. This allows for administrator account takeover and file read...
Exploit for Path Traversal in Sysaid
cve-2023-47246-poc CVE-2023-47246 is a path traversal vulner...
SysAid Help Desk Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SysAid Help Desk Arbitrary File Download', 'Description' = %q This module exploits two vulnerabilities in SysAid Help Desk that allows an...
SysAid Help Desk Administrator Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SysAid Help Desk Administrator Account Creation', 'Description' = %q This module exploits a vulnerability in SysAid Help Desk that allows an...
SysAid Help Desk Database Credentials Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'SysAid Help Desk Database Credentials Disclosure', 'Description' = %q This module exploits a vulnerability in SysAid Help Desk...
The vulnerability of the software for automation of support and control of hardware and software systems from SysAid lies in the lack of measures taken to protect the SQL query structure, allowing attackers to carry out attacks based on SQL injections.
The vulnerability of the software used for automating support and control of hardware and software systems from SysAid is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to carry out attacks based on SQL injections...
The vulnerability of SysAid’s software for supporting and controlling hardware and software systems lies in the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability of the software used for supporting and controlling hardware and software systems of SysAid is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrar...
CVE-2024-36394
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...
CVE-2024-36393
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...
CVE-2024-36393
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...
CVE-2024-36394
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...
CVE-2024-36394
SysAid CVE-2024-36394 is an OS command injection vulnerability caused by improper neutralization of special elements in OS commands. The public details indicate the flaw affects SysAid’s on-premise deployments and can lead to arbitrary command execution within the application’s context. A remedia...
CVE-2024-36394 SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...