Sysaid

sysaid

Vendor: Sysaid • 29 CVEs

CVEs (29)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-3000 1Sysaid 1Sysaid May 6, 2026 Jun 8, 2015 N/A· v4 N/A· v3 7.8 HIGH· v2 SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringrespo...Show more SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack.Show less
CVE-2015-2999 1Sysaid 1Sysaid May 6, 2026 Jun 8, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQ...Show more Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp.Show less
CVE-2015-2998 1Sysaid 1Sysaid May 6, 2026 Jun 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml...Show more SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.Show less
CVE-2015-2997 1Sysaid 1Sysaid May 6, 2026 Jun 8, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reve...Show more SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.Show less
CVE-2015-2996 1Sysaid 1Sysaid May 6, 2026 Jun 8, 2015 N/A· v4 N/A· v3 8.5 HIGH· v2 Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of s...Show more Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.Show less
CVE-2015-2995 1Sysaid 1Sysaid May 6, 2026 Jun 8, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated b...Show more The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.Show less
CVE-2015-2994 1Sysaid 1Sysaid May 6, 2026 Jun 8, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct r...Show more Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.Show less
CVE-2015-2993 1Sysaid 1Sysaid May 6, 2026 Jun 8, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbit...Show more SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.Show less
CVE-2014-9436 1Sysaid 1Sysaid May 6, 2026 Jan 2, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.

Previous 12