RSS   Vulnerabilities for 'Storage manager'   RSS

2021-07-07
 
CVE-2021-32506

CWE-36
 

 
Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter.

 
 
CVE-2021-32507

CWE-36
 

 
Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter.

 
 
CVE-2021-32508

CWE-22
 

 
Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter.

 
 
CVE-2021-32509

CWE-61
 

 
Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter.

 
 
CVE-2021-32510

CWE-548
 

 
QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter.

 
 
CVE-2021-32511

NVD-CWE-Other
 

 
QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter.

 
 
CVE-2021-32512

CWE-78
 

 
QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands.

 
 
CVE-2021-32513

CWE-78
 

 
QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands.

 
 
CVE-2021-32514

CWE-284
 

 
Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device.

 
 
CVE-2021-32515

CWE-548
 

 
Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information.

 


Copyright 2021, cxsecurity.com

 

Back to Top