Skip to main content
CVE-2015-2995 MEDIUM POC THREAT This Month

The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 79.2%.

Path Traversal Sysaid
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
79.2%
Threat
5.2
CVE-2015-2994 MEDIUM POC THREAT This Month

Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.9%.

RCE File Upload Sysaid
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
76.9%
Threat
5.1
CVE-2015-2997 MEDIUM POC THREAT This Month

SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 80.8%.

Path Traversal Information Disclosure Sysaid
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
80.8%
Threat
4.9
CVE-2015-2998 MEDIUM POC THREAT This Month

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 62.2%.

Information Disclosure Sysaid
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
62.2%
Threat
4.4
CVE-2015-3001 MEDIUM POC THREAT This Month

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.7%.

Authentication Bypass Sysaid
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
13.7%
CVE-2015-2999 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sysaid
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy