Lucene search
K

11 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.247 views

Kaseya VSA Master Administrator Account Creation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaseya VSA Master Administrator Account Creation', 'Description' = %q This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to...

9.8CVSS7.4AI score0.82102EPSS
Exploits13
NVD
NVD
added 2020/02/17 6:15 p.m.14 views

CVE-2015-6922

Kaseya Virtual System Administrator VSA 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and 1 add an administrative account via crafted request to...

9.8CVSS9.8AI score0.82102EPSS
Exploits13References5
CVE
CVE
added 2020/02/17 6:0 p.m.55 views

CVE-2015-6922

CVE-2015-6922 details (Kaseya VSA): Versions 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 fail to properly authenticate, enabling remote bypass of login. Two impacts are documented: (1) via LocalAuth/setAccount.aspx an administrative account can be created...

9.8CVSS9.6AI score0.82102EPSS
Exploits13References5Affected Software1
Check Point Advisories
Check Point Advisories
added 2016/09/22 12:0 a.m.9 views

Kaseya Virtual System Administrator Multiple Vulnerabilities (CVE-2015-6922)

Multiple vulnerabilities exists in Kaseya Virtual System Administrator. These vulnerabilities includes privilege escalation to "Master Admin" and multiple remote code execution vulnerabilities. Successful exploitation of these vulnerabilities could lead to remote execution of arbitrary code under...

7.5CVSS3.9AI score0.82102EPSS
Exploits13
Exploit DB
Exploit DB
added 2015/10/05 12:0 a.m.36 views

Kaseya Virtual System Administrator (VSA) - 'uploader.aspx' Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Kaseya VSA uploader.aspx Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability foun...

9.8CVSS7.4AI score0.82102EPSS
Exploits13
Packet Storm
Packet Storm
added 2015/10/02 12:0 a.m.28 views

Kaseya VSA uploader.aspx Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Kaseya VSA uploader.aspx Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability foun...

0.6AI score0.82102EPSS
Exploits13
Packet Storm
Packet Storm
added 2015/09/30 12:0 a.m.48 views

Kaseya Virtual System Administrator Code Execution / Privilege Escalation

Hi, I have found 3 vulnerabilities in Kaseya's flagship product: - unauthenticated remote code execution CVE-2015-6922 / ZDI-15-449 - unauthenticated remote privilege escalation CVE-2015-6922 / ZDI-15-448 - authenticated remote code execution CVE-2015-6589 / ZDI-15-450 Kaseya VSA is an IT...

0.9AI score0.82102EPSS
Exploits14
Metasploit
Metasploit
added 2015/09/29 10:56 a.m.70 views

Kaseya VSA uploader.aspx Arbitrary File Upload

This module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This module has been tested with Kaseya v7.0.0.17...

9.8CVSS0.5AI score0.82102EPSS
Exploits13
Metasploit
Metasploit
added 2015/09/29 10:51 a.m.52 views

Kaseya VSA Master Administrator Account Creation

This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to create a new Master Administrator account. Normally this page is only accessible via the localhost interface, but the application does nothing to prevent this apart from attempting to force a redirect. This module has been...

9.8CVSS6.9AI score0.82102EPSS
Exploits13
Exploit DB
Exploit DB
added 2015/09/29 12:0 a.m.45 views

Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)

Kaseya VSA is an IT management platform for small and medium corporates. From its console you can control thousands of computers and mobile devices. So that if you own the Kaseya server, you own the organisation. With this post I'm also releasing two Metasploit modules E1, E2 and a Ruby file E3...

9.8CVSS9.3AI score0.82102EPSS
Exploits14
Circl
Circl
added 2015/09/29 12:0 a.m.100 views

CVE-2015-6922

creationtimestamp| type| source ---|---|--- 2015-09-29 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38351 2015-10-05 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38401 2018-05-29 15:50:33+00:00| seen|...

9.8CVSS9.3AI score0.82102EPSS
Exploits13References4
Rows per page
Query Builder