CVSS: 8.8EPSS: 17%CPEs: 4EXPL: 3CVE-2015-6589 – Kaseya Virtual System Administrator Authenticated Remote File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6589
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx. La vulnerabilidad de Salto de Directorio en Kaseya Virtual System Administrator (VSA) versiones 7.0.0.0 anteriores a 7.0.0.33, versiones 8..0.0.0 anteriores a 8.0.0.23, versiones 9.0.0.0 anteriores a 9.0.0.19 y versiones 9.1.0.0 anteriores a 9.1.0.9, permite a usuarios autenticados remotos escribir y ejecutar archivos arbitrarios debido a restricciones insuficientes en las rutas de archivos en el archivo json.ashx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is required to exploit this vulnerability. The specific flaw exists within the json.ashx HTTP handler, which does not restrict destination file paths. Attackers can leverage this vulnerability to upload and execute arbitrary code on the server under the context of IIS. • https://www.exploit-db.com/exploits/43882 https://www.exploit-db.com/exploits/38351 http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html http://www.zerodayinitiative.com/advisories/ZDI-15-450 https://www.securityfocus.com/bid/76838 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 94%CPEs: 4EXPL: 3CVE-2015-6922 – Kaseya Virtual System Administrator Remote File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6922
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx. Kaseya Virtual System Administrator (VSA) versiones 7.x anteriores a 7.0.0.33, versiones 8.x anteriores a 8.0.0.23, versiones 9.0 anteriores a 9.0.0.19 y versiones 9.1 anteriores a 9.1.0.9, no requiere autenticación, lo que permite a atacantes remotos omitir la autenticación y ( 1) agregar una cuenta administrativa mediante una petición diseñada en el archivo LocalAuth/setAccount.aspx o (2) escribir y ejecutar archivos arbitrarios por medio de un nombre de ruta completo en el parámetro PathData en el archivo ConfigTab/uploader.aspx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uploader.aspx page, which does not properly require that users be authenticated and does not restrict destination file paths. Attackers can leverage this vulnerability to upload and execute arbitrary code on the server under the context of IIS. • https://www.exploit-db.com/exploits/38351 https://www.exploit-db.com/exploits/38401 http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html http://www.zerodayinitiative.com/advisories/ZDI-15-448 http://www.zerodayinitiative.com/advisories/ZDI-15-449 https://helpdesk.kaseya.com/entries/96164487--Kaseya-Security-Advisory https://raw.githubusercontent.com/pedrib/PoC/master/advisories/Kaseya/kaseya-vsa-vuln-2.txt https://seclists.org/bugtraq/2015 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2015-2863 – Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2863
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de Open Redirect en Kaseya Virtual System Administrator (VSA) en sus versiones 7.x anteriores a 7.0.0.29, 8.x anteriores a 8.0.0.18, 9.0 anteriores a 9.0.0.14 y 9.1 anteriores a 9.1.0.4 permite a atacantes remotos la redirección arbitraria de usuarios a sitios web con el fin de realizar ataques de phishing a través de vectores no especificados. • https://www.exploit-db.com/exploits/37621 http://www.kb.cert.org/vuls/id/919604 •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 1CVE-2015-2862 – Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2862
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request. Vulnerabilidad de salto de directorio en Kaseya Virtual System Administrator (VSA) en sus versiones 7.x anteriores a 7.0.0.29, 8.x anteriores a 8.0.0.18, 9.0 anteriores a 9.0.0.14 y 9.1 anteriores a 9.1.0.4 permite a usuarios remotos autenticados leer archivos de forma arbitraria mediante peticiones HTTP manipuladas. • https://www.exploit-db.com/exploits/37621 http://www.kb.cert.org/vuls/id/919604 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 1.7EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2926
https://notcve.org/view.php?id=CVE-2014-2926
kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. kapfa.sys en Kaseya Virtual System Administrator (VSA) 6.5 anterior a 6.5.0.17 y 7.0 anterior a 7.0.0.16 permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo y caída de aplicación) a través de vectores no especificados. • http://www.kb.cert.org/vuls/id/204988 •