- Home
- CVEs with metasploit.description==This module exploits two vulnerabilities in SysAid Help Desk that allows an unauthenticated user to download arbitrary files from the system. First, an information disclosure vulnerability (CVE-2015-2997) is used to obtain the file system path, and then we abuse a directory traversal (CVE-2015-2996) to download the file. Note that there are some limitations on Windows, in that the information disclosure vulnerability doesn't work on a Windows platform, and we can only traverse the current drive (if you enter C:\afile.txt and the server is running on D:\ the file will not be downloaded). This module has been tested with SysAid 14.4 on Windows and Linux.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top