Vulnerability CVE-2015-6589
Published: 2020-02-13   Modified: 2020-02-14

Description:
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Kaseya Virtual System Administrator Code Execution / Privilege Escalation
Agile Informatio...
30.09.2015

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

 References:
http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html
http://www.zerodayinitiative.com/advisories/ZDI-15-450
https://www.exploit-db.com/exploits/38351/
https://www.securityfocus.com/bid/76838
Copyright 2024, cxsecurity.com

 

Back to Top