127 matches found
Kaseya VSA < 9.5.7 - Arbitrary File Upload to Remote Code Execution
An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management RMM 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...
Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...
EUVD-2019-6494
Malware in sbrugna...
EUVD-2019-5685
Malware in sbrugna...
EUVD-2021-17058
Malware in sbrugna...
EUVD-2021-17060
Malware in sbrugna...
CVE-2021-30116
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...
CVE-2021-30120
Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user...
CVE-2021-30118
An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management RMM 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...
CVE-2019-14510
An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx e.g., FSAdmin123456789 on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed...
CVE-2019-15506
An issue was discovered in Kaseya Virtual System Administrator VSA through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the...
Kaseya VSA Master Administrator Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaseya VSA Master Administrator Account Creation', 'Description' = %q This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to...
The vulnerability of the /InstallTab/exportFldr.asp component of the Kaseya VSA software, a virtual system administrator tool for IT systems, allows a hacker to execute arbitrary SQL code.
The vulnerability of the /InstallTab/exportFldr.asp component of the Kaseya VSA software for remote monitoring and management of IT systems is related to the lack of protection for the SQL query structure during the processing of the fldrId parameter. Exploiting this vulnerability allows an...
Ransomware review: April 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...
Threat Source newsletter (April 6, 2023) — Another friendly reminder about supply chain attacks
Welcome to this weeks edition of the Threat Source newsletter. It seems like we cant go a full calendar year without a major supply chain attack. In late 2020 we had the SolarWinds incident which, doesnt that somehow seem like five years ago but also yesterday?, then the REvil ransomware group...
NetStandard attack should make Managed Service Providers sit up and take notice
Managed Service Providers MSPs, organizations that allow companies to outsource a variety of IT and security functions, are a growing market. Because they are a potential gateway to lots of company networks they make a very attractive target for cybercriminals. In a recent threat advisory Huntres...
NetStandard attack should make Managed Service Providers sit up and take notice
Managed Service Providers MSPs, organizations that allow companies to outsource a variety of IT and security functions, are a growing market. Because they are a potential gateway to lots of company networks they make a very attractive target for cybercriminals. In a recent threat advisory Huntres...
The vulnerability of the ManagedIT.asmx component of the ConnectWise ManagedITSync plugin in the Kaseya VSA IT-infrastructure management platform allows a attacker to execute arbitrary SQL commands.
The vulnerability of the ManagedIT.asmx component of the ConnectWise ManagedITSync business management platform is related to the lack of validation for the validity of XML objects’ sequences. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL commands through th...
Kaseya VSA < 9.3.0.35 / 9.4 < 9.4.0.36 / 9.5 < 9.5.0.5 RCE
The version of Kaseya VSA installed on the remote host is affected by a remote code execution vulnerability. Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January...
Kaseya VSA Remote Code Execution (CVE-2018-20753)
A remote code execution vulnerability exists in Kaseya VSA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...