8 matches found
CVE-2018-20753
Summary : CVE-2018-20753 affects Kaseya VSA RMM on-premises. Vulnerable versions : RMM before 9.3.0.35, before 9.4.0.36, and before 9.5.0.5. Impact : unprivileged remote attackers can execute PowerShell payloads on all managed devices. Exploitation note : attackers were active in the wild in Janu...
CVE-2017-12410
Kaseya VSA Agent
CVE-2015-2863
Kaseya Virtual System Administrator (VSA) Open Redirect (CVE-2015-2863) affects VSA 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4. An attacker can redirect users to arbitrary sites to facilitate phishing via unspecified vectors. Remediation per sources: app...
CVE-2015-6589
CVE-2015-6589 is a directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) affecting versions 7.0.0.0–7.0.0.32, 8.0.0.0–8.0.0.22, 9.0.0.0–9.0.0.18, and 9.1.0.0–9.1.0.8/9.1.0.9 (pre-patch). The issue arises from insufficient restrictions on file paths to json.ashx, allowing ...
CVE-2015-2862
CVE-2015-2862 affects Kaseya Virtual System Administrator (VSA). A directory traversal vulnerability allows remote authenticated users to read arbitrary files via a crafted HTTP request. Affected VSA versions are 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0....
CVE-2015-6922
CVE-2015-6922 details (Kaseya VSA): Versions 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 fail to properly authenticate, enabling remote bypass of login. Two impacts are documented: (1) via LocalAuth/setAccount.aspx an administrative account can be created...
CVE-2019-15506
Kaseya Virtual System Administrator (VSA) up to 9.4.0.37 contains an information disclosure vulnerability. An unauthenticated attacker can issue properly formatted web requests and download sensitive files and information. The /DATAREPORTS directory (and other directories) can be exploited to har...
CVE-2014-2926
CVE-2014-2926 affects Kaseya Virtual System Administrator (VSA) with kapfa.sys vulnerable to a NULL pointer dereference. Versions affected: VSA 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16. Local authenticated attackers could cause a denial of service (and, per CERT, potentially code execution in ...