CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32513 – QSAN Storage Manager - Command Injection Following via QsanTorture function
https://notcve.org/view.php?id=CVE-2021-32513
QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. QsanTorture en QSAN Storage Manager no filtra correctamente los parámetros especiales que permiten a los atacantes remotos no autentificados inyectar y ejecutar comandos arbitrarios. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4869-714a5-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32512 – QSAN Storage Manager - Command Injection Following via QuickInstall function
https://notcve.org/view.php?id=CVE-2021-32512
QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. QuickInstall en QSAN Storage Manager no filtra correctamente los parámetros especiales que permiten a los atacantes remotos no autentificados inyectar y ejecutar comandos arbitrarios. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4868-75574-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32511 – QSAN Storage Manager - Exposure of Information Through Directory Listing Following via ViewBroserList function
https://notcve.org/view.php?id=CVE-2021-32511
QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. QSAN Storage Manager a través de la vulnerabilidad del listado de directorios en ViewBroserList permite a los atacantes remotos autentificados listar directorios arbitrarios a través del parámetro de la ruta del archivo. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4867-9c11c-1.html • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32510 – QSAN Storage Manager - Exposure of Information Through Directory Listing Following via Antivirus function
https://notcve.org/view.php?id=CVE-2021-32510
QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. QSAN Storage Manager a través de la vulnerabilidad del listado de directorios en la función antivirus permite a atacantes remotos autentificados listar directorios arbitrarios inyectando el parámetro de la ruta del archivo. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4866-b820b-1.html • CWE-548: Exposure of Information Through Directory Listing •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32509 – QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileviewDoc function
https://notcve.org/view.php?id=CVE-2021-32509
Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. La vulnerabilidad Absolute Path Traversal en FileviewDoc en QSAN Storage Manager permite a los atacantes remotos autentificados acceder a archivos arbitrarios inyectando el Symbolic Link siguiendo el parámetro Url path. La referida vulnerabilidad ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4865-0c967-1.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •