CVE-2021-32511 – QSAN Storage Manager - Exposure of Information Through Directory Listing Following via ViewBroserList function
https://notcve.org/view.php?id=CVE-2021-32511
QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. QSAN Storage Manager a través de la vulnerabilidad del listado de directorios en ViewBroserList permite a los atacantes remotos autentificados listar directorios arbitrarios a través del parámetro de la ruta del archivo. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4867-9c11c-1.html • CWE-548: Exposure of Information Through Directory Listing •
CVE-2021-32510 – QSAN Storage Manager - Exposure of Information Through Directory Listing Following via Antivirus function
https://notcve.org/view.php?id=CVE-2021-32510
QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. QSAN Storage Manager a través de la vulnerabilidad del listado de directorios en la función antivirus permite a atacantes remotos autentificados listar directorios arbitrarios inyectando el parámetro de la ruta del archivo. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4866-b820b-1.html • CWE-548: Exposure of Information Through Directory Listing •
CVE-2021-32509 – QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileviewDoc function
https://notcve.org/view.php?id=CVE-2021-32509
Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. La vulnerabilidad Absolute Path Traversal en FileviewDoc en QSAN Storage Manager permite a los atacantes remotos autentificados acceder a archivos arbitrarios inyectando el Symbolic Link siguiendo el parámetro Url path. La referida vulnerabilidad ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4865-0c967-1.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-32508 – QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function
https://notcve.org/view.php?id=CVE-2021-32508
Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. La vulnerabilidad Absolute Path Traversal en FileStreaming en QSAN Storage Manager permite a los atacantes remotos autentificados acceder a archivos arbitrarios inyectando el Symbolic Link siguiendo el parámetro Url path. La referida vulnerabilidad ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-32507 – QSAN Storage Manager - Absolute Path Traversal via FileDownload function
https://notcve.org/view.php?id=CVE-2021-32507
Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. La vulnerabilidad Absolute Path Traversal en FileDownload en QSAN Storage Manager permite a los atacantes remotos autentificados descargar archivos arbitrarios a través del parámetro Url path. La vulnerabilidad referida ha sido resuelta con la versión actualizada de QSAN Storage Manager versión v3.3.3 • https://www.twcert.org.tw/tw/cp-132-4863-57d4a-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-36: Absolute Path Traversal •