Kaseya VSA version 6.5.0.0 suffers from cross site scripting and brute forcing vulnerabilities.
7fe218cd1c415fe7ecf706fc430277ad0a16b68a9d7aa68e327097eb8897004b
Online News Portal version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version was made by Parshwa Bhavsar in December of 2020.
93bd83259a496629964b3bdfc7dec79cb9f5a745a22f8e019c9a9d41b334cbfd
Kaseya VSA Agent versions 9.5 and below suffer from a privilege escalation vulnerability.
7cc84e5477006e75dc9825d8cf1ce0753719555c05c27606395d50fa88bc9dea
VSAXESS version 2.6.2.70 build 20171226_053 suffers from an organization field denial of service vulnerability.
95ed02ef8077177ade7f54288b22584b5c5e2a9afa4a8d6c87be278f1d594be6
Dell EMC Unity requires an update to address an Incorrect File Permissions vulnerability with multiple files. This vulnerability may potentially be exploited by malicious local users to compromise the affected system. Dell EMC Unity Operating Environment (OE) versions 4.3.0.x and 4.3.1.x and Dell EMC UnityVSA Operating Environment (OE) versions 4.3.0.x and 4.3.1.x are affected.
116d324fb76e3037193d2d9934e1d6a69f043d23dbda365eec2cf81b23d2b544
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.1.1525703027 and Dell EMC UnityVSA Operating Environment (OE) versions prior to 4.3.1.1525703027 suffer from authorization bypass, cross site scripting, and URL redirection vulnerabilities.
0ed28c30c507c2fb4fe9957e1375fabd1f4bfefb74f954dc4acdbb85d305bae3
VSAXESS version 2.6.2.70 build 20171226_053 suffers from a Nickname field denial of service vulnerability.
8796085bf8a6869d32b44943c13ad4ff6834fee3d36fcfb8b4f05e4692d265d7
The Kaseya Virtual System Administrator (VSA) agent "AgentMon.exe" suffers from a local privilege escalation vulnerability.
ae389b3de0f2ff85eb73501729ef4cc6e3a1d36853d5c2a3572be96e3b97a4e0
Kaseya VSA version 9.2 suffers from an authentication bypass vulnerability.
e785da11616e7a87313aa682bf3a5d5846991c50c08eb3af26d282128488274b
Kaseya VSA version 9.2 suffers from a remote shell upload vulnerability.
3194d2bc7ec7bf4ca1d8cc6d614abed584d5a7059e33e7ada477b3d959687b05
A security vulnerability was found in the Kaseya VSA file download functionality. Using this vulnerability, an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server (including source code of Kaseya, the database backups, configuration files, and even Windows files). Version R9.2 was found affected.
a9945cf5a3532305e46699a157c53b03bab386f744bdea713fee52330aadad85
Kaseya VSA version 9.02.00.04 suffers from an information disclosure vulnerability.
5a59d2ffedded5fe54949dd29511e3205fb1e3caac953287dc781deab3742ac4
HP Security Bulletin HPSBST03588 1 - A potential security vulnerability has been identified in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS. The vulnerability could be remotely exploited resulting in arbitrary command execution. Revision 1 of this advisory.
782dd5732ac7acd5e00984a08a61b8bf153e990e7fe953e554739b420e1b2abb
This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.
a3160e35b949105dc779c6f1769beb11f955240e314addc241694dc44304af7d
Kaseya Virtual System Administrator suffers from multiple code execution vulnerabilities and a privilege escalation vulnerability. VSA versions 7.0.0.0 through 7.0.0.32, 8.0.0.0 through 8.0.0.22, 9.0.0.0 through 9.0.0.18, and 9.1.0.0 through 9.1.0.8 are affected.
1c99f00ec0d2ed27ea5157a13205f5e690ec57a19a7df31ce5375b1b3e123c64
Kaseya Virtual System Administrator suffers from arbitrary file download and open redirection vulnerabilities.
8f81d492c8f92ef800d091dc7a9b9b4e65c6a0776aa789f26d9207772f0843d5
Mandriva Linux Security Advisory 2015-213 - lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site. lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MDVSA-2015:098.
0e94abe5e27fe5c6984390ceef5e20904126efa7257c4f4f53cde5ada9829724
Mandriva Linux Security Advisory 2015-208 - An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities. Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected. This update was already issued as MDVSA-2015:184, but the latter was withdrawn as it generated .rpmnew files for critical configuration files, and rpmdrake might propose that the user use those basically empty files, thus leading to loss of passwords or partition table. This new update ensures that such .rpmnew files are not kept after the update.
9828baab829b1cfc2c285e37421924ea4be6c7aa0f1b88b7541140dd6250d318
Avsarsoft Matbaa Script suffers from cross site scripting and remote shell upload vulnerabilities.
66d3454214fa484ffc9e57110b11324f1f1dae0d839287ad32694e041cc64bed
Mandriva Linux Security Advisory 2015-148 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash or otherwise read and use unintended memory areas in this process. Packages were missing for Mandriva Business Server 1 with the MDVSA-2015:148 advisory which are now being provided.
43a108dd75415e802700da18907f8eda1002da408a7ff3697f966c331440d789
Mandriva Linux Security Advisory 2015-070 - The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors. The XML getters for save images and snapshots objects don't check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to leak certain limited information from the domain XML file. The updated packages provide the latest 1.1.3.9 version, which has more robust fixes for MDVSA-2015:023 and MDVSA-2015:035.
796bd3102ef7c6389d24d91c773931cb0e9d2950fc7139ad29fcc5261a01992d
HP Security Bulletin HPSBST03039 - Potential security vulnerabilities have been identified with HP StoreVirtual 4000 Storage and StoreVirtual VSA. The vulnerabilities could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
6602c51ec6623596c7878756e8f0e731f49ba8f5350d89183544c5361c41042e
HP Security Bulletin HPSBST02937 - A potential security vulnerability has been identified with HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly known as HP LeftHand Virtual SAN Appliance) dbd_manager. The vulnerability could be remotely exploited resulting in execution of arbitrary code. Revision 1 of this advisory.
a65650fb55a317acafa21e8f72f0a1f4fada511dee733a20476db56dbb334434
Mandriva Linux Security Advisory 2014-024 - Multiple buffer overflow vulnerabilities in graphviz due to an error within the yyerror() function (lib/cgraph/scan.l) which can be exploited to cause a stack-based buffer overflow via a specially crafted file, and the acceptance of an arbitrarily long digit list by a regular expression matched against user input. A build problem was discovered and fixed in swig while building graphviz for Business Server 1, related to the new php-5.5.x version as of the MDVSA-2014:014 advisory. Fixed swig packages are being provided with this advisory as well.
6996dd421efa9117f4b483fc6c479c51d2d2854a243ed739ddb0e740fc9be9d1
This Metasploit module exploits a buffer overflow vulnerability found in HP's StorageWorks P4000 VSA on versions prior to 10.0. The vulnerability is due to an insecure usage of the sscanf() function when parsing login requests. This Metasploit module has been tested successfully on the HP VSA 9 Virtual Appliance.
c810c80e4fc09b6a9392a10756eb6cd6120f71ac14b60f6318728483ac84327b
Mandriva Linux Security Advisory 2013-192 - A security vulnerability was discovered and fixed in php-radius. Fixed a security issue in radius_get_vendor_attr() by enforcing checks of the VSA length field against the buffer size. The updated packages have been upgraded to the 1.2.7 version which is not affected by this issue.
5c6452b9c7ec35b97c7fe08d04405fe45650f48c747ee8ca2febcb9671b8f929