37 matches found
EUVD-2013-5295
Malware in sbrugna...
EUVD-2015-2950
Malware in sbrugna...
EUVD-2014-2948
Malware in sbrugna...
EUVD-2017-3983
Malware in sbrugna...
CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with...
Security Bulletin: IBM Workload Deployer - Security vulnerability found in the command-line interface (CVE-2013-5455)
Abstract: A security vulnerability found in the command-line interface allows users with read-only rights to delete, start, and stop any virtual system. Content: Authenticated users of IBM Workload Deployer 3.1.0.0 and later with lesser privilege roles can use the command-line interface to perform...
Kaseya Virtual System Administrator (VSA) Detection
Binary data kaseyavsadetect.nbin...
CVE-2019-15506
An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the...
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server on Cloud
Summary: There is a potential cross-site scripting vulnerability in the Admin Console for WebSphere Application Server. There is a potential information disclosure in WebSphere Application Server using malformed SOAP requests on WebSphere Application Server. Vulnerability Details: Please consult th...
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud
Summary: There is a potential information disclosure vulnerability in Admin Center for IBM WebSphere Application Server Liberty. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. There is ...
Race condition
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of...
CVE-2017-12410
Kaseya VSA Agent
CVE-2017-12410
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of...
Kaseya Virtual System Administrator Multiple Vulnerabilities (CVE-2015-6922)
Multiple vulnerabilities exist in Kaseya Virtual System Administrator. These vulnerabilities include privilege escalation to "Master Admin" and multiple remote code execution vulnerabilities. Successful exploitation of these vulnerabilities could lead to remote execution of arbitrary code under...
Kaseya Virtual System Administrator - Multiple Vulnerabilities
Exploit for asp platform in category web applications Kaseya VSA is an IT management platform for small and medium corporates. From its console you can control thousands of computers and mobile devices. So that if you own the Kaseya server, you own the organisation. With this post I'm also...
Kaseya Virtual System Administrator Remote Code Execution Vulnerability
Kaseya Virtual System Administrator is a suite of IT system management platforms for simplifying and automating IT services. Kaseya Virtual System Administrator's json.ashx handles HTTP headers without restricting the destination file path, allowing remote attackers to submit a special request to...
Kaseya Virtual System Administrator Elevation of Privilege Vulnerability
Kaseya Virtual System Administrator is a suite of IT system management platforms for simplifying and automating IT services. Kaseya Virtual System Administrator does not enforce user authentication and does not restrict target file paths, allowing remote attackers to exploit vulnerabilities to...
Kaseya Virtual System Administrator Authenticated Remote File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is required to exploit this vulnerability. The specific flaw exists within the json.ashx HTTP handler, which does not restrict destination file...
Kaseya Virtual System Administrator Remote File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uploader.aspx page, which does not properly require that users...
Kaseya Virtual System Administrator Remote Privilege Escalation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the forwarding service's handling of the setAccount.aspx page, whic...