Lucene search
HistorySep 23, 2015 - 12:00 a.m.
Kaseya Virtual System Administrator Remote File Upload Remote Code Execution Vulnerability
2015-09-2300:00:00
Pedro Ribeiro ([email protected]) / Agile Information Security
www.zerodayinitiative.com
17
EPSS
0.944
Percentile
99.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uploader.aspx page, which does not properly require that users be authenticated and does not restrict destination file paths. Attackers can leverage this vulnerability to upload and execute arbitrary code on the server under the context of IIS.
Related
zdi
zdi
prion
prion
Authentication flaw
2020-02-17 18:15:00
cvelist
cvelist
CVE-2015-6922
2020-02-17 18:00:30
exploitdb
exploitdb
metasploit
metasploit
Kaseya VSA Master Administrator Account Creation
2015-09-29 10:51:21
Kaseya VSA uploader.aspx Arbitrary File Upload
2015-09-29 10:56:34
nvd
nvd
CVE-2015-6922
2020-02-17 18:15:11
cve
cve
CVE-2015-6922
2020-02-17 18:15:11
zdt
zdt
Kaseya VSA uploader.aspx Arbitrary File Upload Exploit
2015-10-03 00:00:00
Kaseya Virtual System Administrator - Multiple Vulnerabilities
2015-09-29 00:00:00
checkpoint_advisories
checkpoint_advisories
Kaseya Virtual System Administrator Multiple Vulnerabilities (CVE-2015-6922)
2016-09-22 00:00:00
packetstorm
packetstorm
Kaseya VSA uploader.aspx Arbitrary File Upload
2015-10-02 00:00:00
Kaseya VSA Master Administrator Account Creation
2024-08-31 00:00:00
Kaseya Virtual System Administrator Code Execution / Privilege Escalation
2015-09-30 00:00:00
exploitpack
exploitpack