Skip to main content
CVE-2015-2996 HIGH POC THREAT Act Now

Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 88.2%.

Path Traversal Denial Of Service Sysaid
NVD Exploit-DB
CVSS 2.0
8.5
EPSS
88.2%
Threat
5.8
CVE-2015-2995 MEDIUM POC THREAT This Month

The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 79.2%.

Path Traversal Sysaid
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
79.2%
Threat
5.2
CVE-2015-2994 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.9%.

RCE File Upload Sysaid
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
76.9%
Threat
5.1
CVE-2015-2993 HIGH POC THREAT Act Now

SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.0%.

Privilege Escalation Sysaid
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
77.0%
Threat
5.3
CVE-2015-2997 MEDIUM POC THREAT This Month

SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 80.8%.

Path Traversal Information Disclosure Sysaid
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
80.8%
Threat
4.9
CVE-2015-2998 MEDIUM POC THREAT This Month

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 62.2%.

Information Disclosure Sysaid
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
62.2%
Threat
4.4
CVE-2015-3000 HIGH POC THREAT Act Now

SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry,. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.1%.

Denial Of Service Sysaid
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
20.1%
CVE-2015-4051 CRITICAL POC Act Now

Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Ipc Diagnostics
NVD
CVSS 2.0
9.0
EPSS
2.0%
CVE-2015-3905 HIGH POC This Week

Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Ubuntu Linux T1Utils
NVD GitHub
CVSS 2.0
7.5
EPSS
4.7%
CVE-2015-3001 MEDIUM POC THREAT This Month

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.7%.

Authentication Bypass Sysaid
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
13.7%
CVE-2014-6284 HIGH POC This Week

SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Adaptive Server Enterprise
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2015-2999 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sysaid
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.0%
CVE-2015-3201 LOW POC Monitor

Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Thermostat
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2015-4053 LOW PATCH Monitor

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ceph Deploy
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy