Test ID: | 1.3.6.1.4.1.25623.1.0.106005 |
Category: | Web application abuses |
Title: | SysAid < 15.2 Multiple Vulnerabilities |
Summary: | SysAid Help Desktop Software is prone to multiple vulnerabilities |
Description: |
Summary: SysAid Help Desktop Software is prone to multiple vulnerabilities.

Vulnerability Insight:
- CVE-2015-2993: SysAid Help Desktop Software does not properly restrict access to certain functionality. An attacker can create administrator accounts via crafted requests to /createnewaccount or write arbitrary files via the fileName parameter to /userentry.
- CVE-2015-2994: ChangePhoto.jsp in the administrator portal does not correctly handle directory traversal sequences and does not enforce file extension restrictions.
- CVE-2015-2998: SysAid Help Desktop Software uses a hard-coded encryption key.
- CVE-2015-2999: A SQL injection vulnerability exists in genericreport, HelpDesk.jsp and RFCGantt.jsp.
- CVE-2015-3000: An XML entity expansion vulnerability exists.
- CVE-2015-3001: When SysAid is installed on Windows with the built-in SQL Server Express, the installer sets the sa user password to a pre-defined hard-coded password.

Vulnerability Impact:
- An unauthenticated attacker can get full administrative access to the application or overwrite arbitrary files.
- An authenticated attacker may upload arbitrary files, which could lead to remote code execution.
- A malicious user can decrypt e.g. the database password stored in serverConf.xml.
- A user with administrative rights can perform a SQL injection attack to read and modify the database.
- An unauthenticated attacker can create a Denial of Service condition for 10+ seconds. Repeating this will slow down the server extensively.
- An attacker can gain administrative access to the built-in SQL Server Express.

Affected Software/OS: SysAid Help Desktop version 15.1.x and before.

Solution: Update to version 15.2 or later.

CVSS Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2993
- BugTraq ID: 75038, http://www.securityfocus.com/bid/75038
- Bugtraq: 20150603 [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc), http://www.securityfocus.com/archive/1/535679/100/0/threaded
- http://seclists.org/fulldisclosure/2015/Jun/8
- http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-2994
Common Vulnerability Exposure (CVE) ID: CVE-2015-2998
- BugTraq ID: 75035, http://www.securityfocus.com/bid/75035
Common Vulnerability Exposure (CVE) ID: CVE-2015-2999
Common Vulnerability Exposure (CVE) ID: CVE-2015-3000
Common Vulnerability Exposure (CVE) ID: CVE-2015-3001 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
This is only one of 146377 vulnerability tests in our test suite. Find out more about how to run a complete security audit. To run a free test of this vulnerability against your system, register now. |