Posted by Pedro Ribeiro on Jul 13

tl;dr
Two vulns in Kaseya Virtual System Administrator – an authenticated
arbitrary file download and two lame open redirects.

Full advisory text below and at [1]. Thanks to CERT for helping me to
disclose these vulnerabilities [2].

==========================================================================
Disclosure: 13/07/2015 / Last updated: 13/07/2015

“Kaseya VSA is an integrated IT Systems Management platform that can
be leveraged…