what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 70 RSS Feed

Files

Kaseya VSA 6.5.0.0 XSS / Brute Force
Posted Apr 4, 2017
Authored by Patrick Webster

Kaseya VSA version 6.5.0.0 suffers from cross site scripting and brute forcing vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7fe218cd1c415fe7ecf706fc430277ad0a16b68a9d7aa68e327097eb8897004b

Related Files

Online News Portal 1.0 Cross Site Scripting
Posted Mar 15, 2021
Authored by Richard Jones

Online News Portal version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version was made by Parshwa Bhavsar in December of 2020.

tags | exploit, xss
SHA-256 | 93bd83259a496629964b3bdfc7dec79cb9f5a745a22f8e019c9a9d41b334cbfd
Kaseya VSA Agent 9.5 Privilege Escalation
Posted Sep 2, 2019
Authored by NF

Kaseya VSA Agent versions 9.5 and below suffer from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 7cc84e5477006e75dc9825d8cf1ce0753719555c05c27606395d50fa88bc9dea
VSAXESS 2.6.2.70 Build 20171226_053 Denial Of Service
Posted Nov 7, 2018
Authored by Diego Santamaria

VSAXESS version 2.6.2.70 build 20171226_053 suffers from an organization field denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 95ed02ef8077177ade7f54288b22584b5c5e2a9afa4a8d6c87be278f1d594be6
Dell EMC Unity Family 4.3.0.x / 4.3.1.x Incorrect File Permissions
Posted Sep 28, 2018
Site emc.com

Dell EMC Unity requires an update to address an Incorrect File Permissions vulnerability with multiple files. This vulnerability may potentially be exploited by malicious local users to compromise the affected system. Dell EMC Unity Operating Environment (OE) versions 4.3.0.x and 4.3.1.x and Dell EMC UnityVSA Operating Environment (OE) versions 4.3.0.x and 4.3.1.x are affected.

tags | advisory, local
advisories | CVE-2018-11064
SHA-256 | 116d324fb76e3037193d2d9934e1d6a69f043d23dbda365eec2cf81b23d2b544
Dell EMC Unity Authorization Bypass / XSS / URL Redirection
Posted Sep 19, 2018
Site emc.com

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.1.1525703027 and Dell EMC UnityVSA Operating Environment (OE) versions prior to 4.3.1.1525703027 suffer from authorization bypass, cross site scripting, and url redirection vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2018-1246, CVE-2018-1250, CVE-2018-1251
SHA-256 | 0ed28c30c507c2fb4fe9957e1375fabd1f4bfefb74f954dc4acdbb85d305bae3
VSAXESS 2.6.2.70 Build 20171226_053 Denial Of Service
Posted Sep 3, 2018
Authored by Diego Santamaria

VSAXESS version 2.6.2.70 build 20171226_053 suffers from a Nickname field denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 8796085bf8a6869d32b44943c13ad4ff6834fee3d36fcfb8b4f05e4692d265d7
Kaseya Virtual System Administrator (VSA) Local Privilege Escalation
Posted Mar 23, 2018
Authored by Filip Palian

The Kaseya Virtual System Administrator (VSA) agent "AgentMon.exe" suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-12410
SHA-256 | ae389b3de0f2ff85eb73501729ef4cc6e3a1d36853d5c2a3572be96e3b97a4e0
Kaseya VSA 9.2 Authentication Bypass
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

Kaseya VSA version 9.2 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | e785da11616e7a87313aa682bf3a5d5846991c50c08eb3af26d282128488274b
Kaseya VSA 9.2 Shell Upload
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

Kaseya VSA version 9.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 3194d2bc7ec7bf4ca1d8cc6d614abed584d5a7059e33e7ada477b3d959687b05
Kaseya VSA R9.2 Arbitrary File Read
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

A security vulnerability was found in Kaseya VSA file download file functionality. Using this vulnerability an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server (including source code of Kaseya, the database backups, configuration files, and even windows files). Version R9.2 was found affected.

tags | exploit, arbitrary
systems | windows
SHA-256 | a9945cf5a3532305e46699a157c53b03bab386f744bdea713fee52330aadad85
Kaseya VSA 9.02.00.04 Information Disclosure
Posted Apr 4, 2017
Authored by Patrick Webster

Kaseya VSA version 9.02.00.04 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 5a59d2ffedded5fe54949dd29511e3205fb1e3caac953287dc781deab3742ac4
HP Security Bulletin HPSBST03588 1
Posted Feb 2, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03588 1 - A potential security vulnerability has been identified in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS. The vulnerability could be remotely exploited resulting in arbitrary command execution. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2016-8529
SHA-256 | 782dd5732ac7acd5e00984a08a61b8bf153e990e7fe953e554739b420e1b2abb
Kaseya VSA uploader.aspx Arbitrary File Upload
Posted Oct 2, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.

tags | exploit, arbitrary, code execution, asp, file upload
advisories | CVE-2015-6922
SHA-256 | a3160e35b949105dc779c6f1769beb11f955240e314addc241694dc44304af7d
Kaseya Virtual System Administrator Code Execution / Privilege Escalation
Posted Sep 30, 2015
Authored by Pedro Ribeiro

Kaseya Virtual System Administrator suffers from multiple code execution vulnerabilities and a privilege escalation vulnerability. VSA versions 7.0.0.0 through 7.0.0.32, 8.0.0.0 through 8.0.0.22, 9.0.0.0 through 9.0.0.18, and 9.1.0.0 through 9.1.0.8 are affected.

tags | exploit, vulnerability, code execution
advisories | CVE-2015-6589, CVE-2015-6922
SHA-256 | 1c99f00ec0d2ed27ea5157a13205f5e690ec57a19a7df31ce5375b1b3e123c64
Kaseya Virtual System Administrator File Download / Open Redirect
Posted Jul 14, 2015
Authored by Pedro Ribeiro

Kaseya Virtual System Administrator suffers from arbitrary file download open redirection vulnerabilities.

tags | exploit, arbitrary, vulnerability
SHA-256 | 8f81d492c8f92ef800d091dc7a9b9b4e65c6a0776aa789f26d9207772f0843d5
Mandriva Linux Security Advisory 2015-213
Posted Apr 29, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-213 - lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site. lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MDVSA-2015:098.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-0139
SHA-256 | 0e94abe5e27fe5c6984390ceef5e20904126efa7257c4f4f53cde5ada9829724
Mandriva Linux Security Advisory 2015-208
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-208 - An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities. Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected. This update was already issued as MDVSA-2015:184, but the latter was withdrawn as it generated.rpmnew files for critical configuration files, and rpmdrake might propose the user to use those basically empty files, thus leading to loss of passwords or partition table. This new update ensures that such.rpmnew files are not kept after the update.

tags | advisory, root
systems | linux, mandriva
SHA-256 | 9828baab829b1cfc2c285e37421924ea4be6c7aa0f1b88b7541140dd6250d318
Avsarsoft Matbaa Script Cross Site Scripting / Shell Upload
Posted Apr 23, 2015
Authored by ZoRLu

Avsarsoft Matbaa Script suffers from cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | 66d3454214fa484ffc9e57110b11324f1f1dae0d839287ad32694e041cc64bed
Mandriva Linux Security Advisory 2015-148-1
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-148 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash or otherwise read and use unintended memory areas in this process. Packages were missing for Mandriva Business Server 1 with the MDVSA-2015:148 advisory which are now being provided.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2015-1782
SHA-256 | 43a108dd75415e802700da18907f8eda1002da408a7ff3697f966c331440d789
Mandriva Linux Security Advisory 2015-070
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-070 - The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. The XML getters for for save images and snapshots objects don't check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to cause leak certain limited information from the domain xml file. The updated packages provides the latest 1.1.3.9 version which has more robust fixes for MDVSA-2015:023 and MDVSA-2015:035.

tags | advisory, remote, denial of service, local
systems | linux, mandriva
advisories | CVE-2014-8136, CVE-2015-0236
SHA-256 | 796bd3102ef7c6389d24d91c773931cb0e9d2950fc7139ad29fcc5261a01992d
HP Security Bulletin HPSBST03039
Posted Jul 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03039 - Potential security vulnerabilities have been identified with HP StoreVirtual 4000 Storage and StoreVirtual VSA. The vulnerabilities could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-2605, CVE-2014-2606
SHA-256 | 6602c51ec6623596c7878756e8f0e731f49ba8f5350d89183544c5361c41042e
HP Security Bulletin HPSBST02937
Posted Feb 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02937 - A potential security vulnerability has been identified with HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly known as HP LeftHand Virtual SAN Appliance) dbd_manager. The vulnerability could be remotely exploited resulting in execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2013-4841
SHA-256 | a65650fb55a317acafa21e8f72f0a1f4fada511dee733a20476db56dbb334434
Mandriva Linux Security Advisory 2014-024
Posted Jan 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-024 - Multiple buffer overflow vulnerabilities in graphviz due to an error within the yyerror() function (lib/cgraph/scan.l) which can be exploited to cause a stack-based buffer overflow via a specially crafted file.and the acceptance of an arbitrarily long digit list by a regular expression matched against user input. A build problem was discovered and fixed in swig while building graphviz for Business Server 1, related to the new php-5.5.x version as of the MDVSA-2014:014 advisory. Fixed swig packages is being provided with this advisory as well.

tags | advisory, overflow, php, vulnerability
systems | linux, mandriva
advisories | CVE-2014-0978, CVE-2014-1236
SHA-256 | 6996dd421efa9117f4b483fc6c479c51d2d2854a243ed739ddb0e740fc9be9d1
HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow
Posted Aug 12, 2013
Authored by juan vazquez, e6af8de8b1d4b2b6d5ba2610cbf9cd38 | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in HP's StorageWorks P4000 VSA on versions prior to 10.0. The vulnerability is due to an insecure usage of the sscanf() function when parsing login requests. This Metasploit module has been tested successfully on the HP VSA 9 Virtual Appliance.

tags | exploit, overflow
advisories | CVE-2013-2343, OSVDB-94701
SHA-256 | c810c80e4fc09b6a9392a10756eb6cd6120f71ac14b60f6318728483ac84327b
Mandriva Linux Security Advisory 2013-192
Posted Jul 2, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-192 - A security vulnerability was discovered and fixed in php-radius. Fixed a security issue in radius_get_vendor_attr() by enforcing checks of the VSA length field against the buffer size. The updated packages have been upgraded to the 1.2.7 version which is not affected by this issue.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2013-2220
SHA-256 | 5c6452b9c7ec35b97c7fe08d04405fe45650f48c747ee8ca2febcb9671b8f929
Page 1 of 3
Back123Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close