CVE-2015-3000
Published 2015-06-08
Priority P344 · high · 7.8 CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 8.03% (94.1th percentile)
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sysaid | sysaid | <= 15.1 | — |
CVSS provenance
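| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| vendor_cisco | — | 5.0 | MEDIUM | — |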
GHSA
GHSA-xcj8-64wc-2v2p: SysAid Help Desk before 15
ghsa_unreviewed·2022-05-14
CVE-2015-3000 [HIGH] GHSA-xcj8-64wc-2v2p: SysAid Help Desk before 15
Cisco
Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability
vendor_cisco·2015-09-30·CVSS 4.0
CVE-2015-6308 [MEDIUM] CWE-399 Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) interface of the Nexus 3000 (N3K) Series Switch could allow an authenticated, remote attacker to cause a partial denial of service (DoS) condition to the SNMP service running on the device.
The vulnerability is due to improper handling of an SNMP request with a non-existent Object Identifier (OID). An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. An exploit could allow the attacker to cause a partial DoS condition of the SNMP interface where SNMP requests with legitimately formatted OIDs will time out. The DoS condition does clear and SNMP requests will start to be processed normally a
Cisco
Cisco Nexus 3000 Nexus Data Broker Denial of Service Vulnerability
vendor_cisco·2015-08-12·CVSS 5.0
CVE-2015-4296 [MEDIUM] CWE-399 Cisco Nexus 3000 Nexus Data Broker Denial of Service Vulnerability
A vulnerability in the Nexus Data Broker (NDB) in Cisco Nexus 3000 Series Switches could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition.
The vulnerability is in handling incoming connections to the Java application. An attacker could exploit this vulnerability by sending crafted Java connections to the NDB. An exploit could allow the attacker to cause the Java process to restart, causing a partial DoS condition on the device.
Cisco has confirmed the vulnerability and released software updates.
To exploit this vulnerability, the attacker would need to send crafted Java connections to a targeted device, making exploitation more difficult in environments that restrict networ
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
http://seclists.org/fulldisclosure/2015/Jun/8
http://www.securityfocus.com/archive/1/535679/100/0/threaded
http://www.securityfocus.com/bid/75038
https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk