CVE-2021-32514

Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device.

Source: CVE-2021-32514

CVE-2021-32512

QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands.

Source: CVE-2021-32512

CVE-2021-32511

QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter.

Source: CVE-2021-32511

CVE-2021-32508

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter.

Source: CVE-2021-32508

CVE-2021-32509

Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter.

Source: CVE-2021-32509

CVE-2021-32506

Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter.

Source: CVE-2021-32506

CVE-2021-26273

The Agent in NinjaRMM 5.0.909 has Incorrect Access Control.

Source: CVE-2021-26273

CVE-2021-32507

Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter.

Source: CVE-2021-32507

CVE-2021-32517

Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in download function.

Source: CVE-2021-32517

CVE-2021-32518

A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files.

Source: CVE-2021-32518