Lucene search
K

417 matches found

OSV
OSV
added 2025/03/03 1:40 p.m.3 views

MAL-2025-1943 Malicious code in sysaid-query-data (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/03 1:40 p.m.4 views

Malicious code in sysaid-components-lib (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/03/03 1:40 p.m.2 views

MAL-2025-1942 Malicious code in sysaid-components-lib (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/18 10:31 a.m.3 views

Malicious code in sysaid-infra-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32067df7060881cbe716c03dd7dc8c3b443263f314412e89e99a435622227b1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSV
OSV
added 2025/02/18 10:31 a.m.7 views

MAL-2025-1463 Malicious code in sysaid-infra-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 32067df7060881cbe716c03dd7dc8c3b443263f314412e89e99a435622227b1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/06 12:0 a.m.6 views

PT-2025-20233

Name of the Vulnerable Software and Affected Versions SysAid On-Prem versions 23.3.40 and earlier Description SysAid On-Prem software is affected by an unauthenticated XML External Entity XXE issue in the lshw processing functionality. Exploitation of this issue may allow a remote attacker to tak...

9.8CVSS8.7AI score0.79133EPSS
Exploits1References24
Positive Technologies
Positive Technologies
added 2025/01/06 12:0 a.m.4 views

PT-2025-20134

Name of the Vulnerable Software and Affected Versions SysAid On-Prem versions 23.3.40 and earlier Description SysAid On-Prem is affected by an unauthenticated XML External Entity XXE issue in the Server URL processing functionality. This allows for administrator account takeover and file read...

9.8CVSS8.6AI score0.72971EPSS
Exploits2References68
Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.6 views

PT-2025-20068

Name of the Vulnerable Software and Affected Versions SysAid On-Prem versions 23.3.40 and earlier Description SysAid On-Prem is affected by an unauthenticated XML External Entity XXE issue in the Checkin processing functionality. This allows for administrator account takeover and file read...

9.3CVSS9.3AI score0.55177EPSS
Exploits1References65
GithubExploit
GithubExploit
added 2024/11/23 5:21 a.m.279 views

Exploit for Path Traversal in Sysaid

cve-2023-47246-poc CVE-2023-47246 is a path traversal vulner...

9.8CVSS7.8AI score0.98851EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.288 views

SysAid Help Desk Arbitrary File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SysAid Help Desk Arbitrary File Download', 'Description' = %q This module exploits two vulnerabilities in SysAid Help Desk that allows an...

8.5CVSS7AI score0.86643EPSS
Exploits10
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.148 views

SysAid Help Desk Administrator Account Creation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SysAid Help Desk Administrator Account Creation', 'Description' = %q This module exploits a vulnerability in SysAid Help Desk that allows an...

7.5CVSS7AI score0.55362EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.217 views

SysAid Help Desk Database Credentials Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'SysAid Help Desk Database Credentials Disclosure', 'Description' = %q This module exploits a vulnerability in SysAid Help Desk...

8.5CVSS7AI score0.86643EPSS
Exploits10
BDU FSTEC
BDU FSTEC
added 2024/08/14 12:0 a.m.9 views

The vulnerability of the software for automation of support and control of hardware and software systems from SysAid lies in the lack of measures taken to protect the SQL query structure, allowing attackers to carry out attacks based on SQL injections.

The vulnerability of the software used for automating support and control of hardware and software systems from SysAid is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to carry out attacks based on SQL injections...

9.9CVSS5.6AI score0.00419EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/07 12:0 a.m.5 views

The vulnerability of SysAid’s software for supporting and controlling hardware and software systems lies in the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.

The vulnerability of the software used for supporting and controlling hardware and software systems of SysAid is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrar...

9.1CVSS6.3AI score0.01101EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/06/06 9:15 a.m.5 views

CVE-2024-36394

SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...

9.8CVSS6AI score0.01101EPSS
Exploits0References1
NVD
NVD
added 2024/06/06 9:15 a.m.18 views

CVE-2024-36393

SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...

9.9CVSS9.9AI score0.00419EPSS
Exploits0References1
OSV
OSV
added 2024/06/06 9:15 a.m.3 views

CVE-2024-36393

SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...

9.8CVSS5.8AI score0.00419EPSS
Exploits0References1
NVD
NVD
added 2024/06/06 9:15 a.m.17 views

CVE-2024-36394

SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...

9.8CVSS9.4AI score0.01101EPSS
Exploits0References1
CVE
CVE
added 2024/06/06 8:20 a.m.63 views

CVE-2024-36394

SysAid CVE-2024-36394 is an OS command injection vulnerability caused by improper neutralization of special elements in OS commands. The public details indicate the flaw affects SysAid’s on-premise deployments and can lead to arbitrary command execution within the application’s context. A remedia...

9.8CVSS9.4AI score0.01101EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/06/06 8:20 a.m.24 views

CVE-2024-36394 SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'...

9.1CVSS9.4AI score0.01101EPSS
Exploits0References1
Rows per page
Query Builder