23 matches found
EUVD-2014-2948
Malware in sbrugna...
EUVD-2015-2950
Malware in sbrugna...
EUVD-2017-3983
Malware in sbrugna...
Kaseya Virtual System Administrator (VSA) Detection
Binary data kaseyavsadetect.nbin...
CVE-2019-15506
An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the...
Race condition
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of...
CVE-2017-12410
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of...
CVE-2017-12410
Kaseya VSA Agent
Kaseya Virtual System Administrator - Multiple Vulnerabilities
Exploit for asp platform in category web applications. Kaseya VSA is an IT management platform for small and medium corporates. From its console you can control thousands of computers and mobile devices. So that if you own the Kaseya server, you own the organisation. With this post I'm also...
Kaseya Virtual System Administrator Remote File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uploader.aspx page, which does not properly require that users...
Kaseya Virtual System Administrator Remote Privilege Escalation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the forwarding service's handling of the setAccount.aspx page, whic...
Kaseya Virtual System Administrator Authenticated Remote File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is required to exploit this vulnerability. The specific flaw exists within the json.ashx HTTP handler, which does not restrict destination file...
CVE-2015-2862
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request...
Directory traversal
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request...
CVE-2015-2862
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request...
CVE-2015-2863
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Kaseya Virtual System Administrator Multiple Vulnerabilities - Active Check
Kaseya Virtual System Administrator is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
Kaseya Virtual System Administrator File Download / Open Redirect
tl;dr Two vulns in Kaseya Virtual System Administrator - an authenticated arbitrary file download and two lame open redirects. Full advisory text below and at [1]. Thanks to CERT for helping me to disclose these vulnerabilities [2]. Multiple vulnerabilities in Kaseya Virtual System Administrator...
Kaseya Virtual System Administrator contains multiple vulnerabilities
Overview: Kaseya Virtual System Administrator (VSA), versions R9 and possibly earlier, contains arbitrary file download and open redirect vulnerabilities. Description: CWE-22: Improper Limitation of Pathname to a Restricted Directory ('Path Traversal') - CVE-2015-2862. Kaseya VSA is an IT management...
CVE-2014-2926
kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors...