daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2015/CVE-2015-2996.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-02-22 13:56:39 -05:00
parent bc0844999b
commit 43d1f3979d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2015/CVE-2015-2996.yaml
View File

@ -5,7 +5,7 @@ info:
author: 0x_Akoko
severity: high
description: |
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.
SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
reference:
- https://seclists.org/fulldisclosure/2015/Jun/8
- https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk