11 matches found
Kaseya VSA Master Administrator Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaseya VSA Master Administrator Account Creation', 'Description' = %q This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to...
CVE-2015-6922
Kaseya Virtual System Administrator VSA 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to...
CVE-2015-6922
CVE-2015-6922 details (Kaseya VSA): Versions 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 fail to properly authenticate, enabling remote bypass of login. Two impacts are documented: (1) via LocalAuth/setAccount.aspx an administrative account can be created...
Kaseya Virtual System Administrator Multiple Vulnerabilities (CVE-2015-6922)
Multiple vulnerabilities exist in Kaseya Virtual System Administrator. These vulnerabilities include privilege escalation to "Master Admin" and multiple remote code execution vulnerabilities. Successful exploitation of these vulnerabilities could lead to remote execution of arbitrary code under...
Kaseya Virtual System Administrator (VSA) - 'uploader.aspx' Arbitrary File Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Kaseya VSA uploader.aspx Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability foun...
Kaseya VSA uploader.aspx Arbitrary File Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Kaseya VSA uploader.aspx Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability foun...
Kaseya Virtual System Administrator Code Execution / Privilege Escalation
Hi, I have found 3 vulnerabilities in Kaseya's flagship product: - unauthenticated remote code execution CVE-2015-6922 / ZDI-15-449 - unauthenticated remote privilege escalation CVE-2015-6922 / ZDI-15-448 - authenticated remote code execution CVE-2015-6589 / ZDI-15-450 Kaseya VSA is an IT...
Kaseya VSA uploader.aspx Arbitrary File Upload
This module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This module has been tested with Kaseya v7.0.0.17...
Kaseya VSA Master Administrator Account Creation
This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to create a new Master Administrator account. Normally this page is only accessible via the localhost interface, but the application does nothing to prevent this apart from attempting to force a redirect. This module has been...
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)
Kaseya VSA is an IT management platform for small and medium corporates. From its console you can control thousands of computers and mobile devices. So that if you own the Kaseya server, you own the organisation. With this post I'm also releasing two Metasploit modules E1, E2 and a Ruby file E3...
CVE-2015-6922
creationtimestamp | type | source
---|---|---
2015-09-29 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/38351
2015-10-05 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/38401
2018-05-29 15:50:33+00:00 | seen | ...