Lucene search
MitreCVELIST:CVE-2015-6922HistoryFeb 17, 2020 - 6:00 p.m.
CVE-2015-6922
2020-02-1718:00:30
mitre
www.cve.org
4
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx.
References
packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html
www.zerodayinitiative.com/advisories/ZDI-15-448
www.zerodayinitiative.com/advisories/ZDI-15-449
helpdesk.kaseya.com/entries/96164487--Kaseya-Security-Advisory
www.exploit-db.com/exploits/38351/
Related
zdi
zdi
prion
prion
Authentication flaw
2020-02-17 18:15:00
metasploit
metasploit
Kaseya VSA Master Administrator Account Creation
2015-09-29 10:51:21
Kaseya VSA uploader.aspx Arbitrary File Upload
2015-09-29 10:56:34
nvd
nvd
CVE-2015-6922
2020-02-17 18:15:11
cve
cve
CVE-2015-6922
2020-02-17 18:15:11
exploitdb
exploitdb
zdt
zdt
Kaseya VSA uploader.aspx Arbitrary File Upload Exploit
2015-10-03 00:00:00
Kaseya Virtual System Administrator - Multiple Vulnerabilities
2015-09-29 00:00:00
checkpoint_advisories
checkpoint_advisories
Kaseya Virtual System Administrator Multiple Vulnerabilities (CVE-2015-6922)
2016-09-22 00:00:00
packetstorm
packetstorm
Kaseya VSA uploader.aspx Arbitrary File Upload
2015-10-02 00:00:00
Kaseya VSA Master Administrator Account Creation
2024-08-31 00:00:00
Kaseya Virtual System Administrator Code Execution / Privilege Escalation
2015-09-30 00:00:00
exploitpack
exploitpack