Lucene search
HistorySep 23, 2015 - 12:00 a.m.
Kaseya Virtual System Administrator Authenticated Remote File Upload Remote Code Execution Vulnerability
2015-09-2300:00:00
Pedro Ribeiro ([email protected]) / Agile Information Security
www.zerodayinitiative.com
22
EPSS
0.169
Percentile
96.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is required to exploit this vulnerability. The specific flaw exists within the json.ashx HTTP handler, which does not restrict destination file paths. Attackers can leverage this vulnerability to upload and execute arbitrary code on the server under the context of IIS.
Related
cve
cve
CVE-2015-6589
2020-02-13 21:15:11
nvd
nvd
CVE-2015-6589
2020-02-13 21:15:11
cvelist
cvelist
CVE-2015-6589
2020-02-13 20:11:27
prion
prion
Directory traversal
2020-02-13 21:15:00
packetstorm
packetstorm
Kaseya Virtual System Administrator Code Execution / Privilege Escalation
2015-09-30 00:00:00
exploitdb
exploitdb
exploitpack
exploitpack
zdt
zdt
Kaseya Virtual System Administrator - Multiple Vulnerabilities
2015-09-29 00:00:00