CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32508 – QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function
https://notcve.org/view.php?id=CVE-2021-32508
Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. La vulnerabilidad Absolute Path Traversal en FileStreaming en QSAN Storage Manager permite a los atacantes remotos autentificados acceder a archivos arbitrarios inyectando el Symbolic Link siguiendo el parámetro Url path. La referida vulnerabilidad ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32507 – QSAN Storage Manager - Absolute Path Traversal via FileDownload function
https://notcve.org/view.php?id=CVE-2021-32507
Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. La vulnerabilidad Absolute Path Traversal en FileDownload en QSAN Storage Manager permite a los atacantes remotos autentificados descargar archivos arbitrarios a través del parámetro Url path. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4863-57d4a-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-36: Absolute Path Traversal •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32506 – QSAN Storage Manager - Absolute Path Traversal via GetImage function
https://notcve.org/view.php?id=CVE-2021-32506
Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3 . La vulnerabilidad Absolute Path Traversal en GetImage en QSAN Storage Manager permite a los atacantes remotos autentificados descargar archivos arbitrarios a través del parámetro Url path. La referida vulnerabilidad ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4862-f8b86-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-36: Absolute Path Traversal •
CVSS: 7.8EPSS: 34%CPEs: 1EXPL: 0CVE-2017-14384 – Dell EMC Storage Manager EmConfigMigration Servlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-14384
In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. En versiones anteriores a la 16.3.20 de Dell Storage Manager, el servicio EMConfigMigration se ha visto afectado por una vulnerabilidad de salto de directorio. Un usuario malicioso remoto podría explotar esta vulnerabilidad para leer archivos no autorizados proporcionando cadenas especialmente manipuladas en los parámetros de entrada de la aplicación. • http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf http://www.securityfocus.com/bid/103467 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 20%CPEs: 3EXPL: 3CVE-2012-2576 – SolarWinds Storage Manager 5.1.0 - Remote SYSTEM SQL Injection
https://notcve.org/view.php?id=CVE-2012-2576
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. Vulnerabilidad de inyección SQL en la página LoginServlet en SolarWinds Storage Manager en versiones anteriores a la 5.1.2, SolarWinds Storage Profiler en versiones anteriores a la 5.1.2 y SolarWinds Backup Profiler en versiones anteriores a la 5.1.2 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el campo loginName. • https://www.exploit-db.com/exploits/18818 http://www.exploit-db.com/exploits/18818 http://www.exploit-db.com/exploits/18833 http://www.securityfocus.com/bid/51639 http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/72680 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •