Vulnerabilities > Sysaid > Sysaid
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-06-08 | CVE-2015-2994 | Multiple Security vulnerability in SysAid Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/. | 6.5 |
| 2015-06-08 | CVE-2015-2993 | Permissions, Privileges, and Access Controls vulnerability in Sysaid SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. | 7.5 |
| 2015-01-02 | CVE-2014-9436 | Path Traversal vulnerability in Sysaid 14.4/6.0/6.5 Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. | 5.0 |