4 matches found
CVE-2015-6589
CVE-2015-6589 is a directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) affecting versions 7.0.0.0–7.0.0.32, 8.0.0.0–8.0.0.22, 9.0.0.0–9.0.0.18, and 9.1.0.0–9.1.0.8/9.1.0.9 (pre-patch). The issue arises from insufficient restrictions on file paths to json.ashx, allowing ...
Kaseya Virtual System Administrator Code Execution / Privilege Escalation
Hi, I have found 3 vulnerabilities in Kaseya's flagship product: - unauthenticated remote code execution CVE-2015-6922 / ZDI-15-449 - unauthenticated remote privilege escalation CVE-2015-6922 / ZDI-15-448 - authenticated remote code execution CVE-2015-6589 / ZDI-15-450 Kaseya VSA is an IT...
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)
Kaseya VSA is an IT management platform for small and medium corporates. From its console you can control thousands of computers and mobile devices. So that if you own the Kaseya server, you own the organisation. With this post I'm also releasing two Metasploit modules E1, E2 and a Ruby file E3...
Kaseya Virtual System Administrator (VSA) 7.0 9.1 - (Authenticated) Arbitrary File Upload
Kaseya Virtual System Administrator VSA 7.0 9.1 - Authenticated Arbitrary File Upload !/usr/bin/ruby kazPwn.rb - Kaseya VSA v7 to v9.1 authenticated arbitrary file upload CVE-2015-6589 / ZDI-15-450 =================== by Pedro Ribeiro / Agile Information Security Disclosure date: 28/09/2015 Usage...