47 matches found
OSNEXUS QuantaStor 安全漏洞
OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. A security vulnerability exists in OSNEXUS QuantaStor versions prior to 5.12.9 that originates from a script that can be executed by a local user with root privileges...
OSNEXUS QuantaStor 跨站脚本漏洞
OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. A cross-site scripting vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
OSNEXUS QuantaStor 代码问题漏洞
OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. A code issue vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to perform server-side request forgery SSRF attacks...
OSNEXUS QuantaStor 跨站脚本漏洞
OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. A cross-site scripting vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
OSNEXUS QuantaStor 命令注入漏洞
OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. A command injection vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker can exploit this vulnerability to execute commands as root...
OSNEXUS QuantaStor 操作系统命令注入漏洞
OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. An operating system command injection vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to remotely execute arbitrary shell commands via t...
OSNEXUS QuantaStor Detection
Detection of OSNEXUS QuantaStor. The script sends a connection request to the server and attempts to detect OSNEXUS QuantaStor and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
OSNEXUS QuantaStor Multiple Vulnerabilities
OSNEXUS QuantaStor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:osnexus:quantastor"; if...
CVE-2017-9979
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary...
CVE-2017-9979
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary...
CVE-2017-9978
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames...
CVE-2017-9978
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames...
Cross site scripting
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary...
Code injection
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames...
CVE-2017-9979
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary...
CVE-2017-9978
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames...
CVE-2017-9978
OSNEXUS QuantaStor v4 before 4.3.1 contains an information-disclosure vulnerability where the error message for non-existent users can be used to enumerate valid usernames. This CVE (CVE-2017-9978) is documented across multiple sources; affected versions are prior to 4.3.1. Remediation: upgrade t...
CVE-2017-9979
CVE-2017-9979 affects OSNEXUS QuantaStor v4 prior to 4.3.1. The issue arises when a REST call for a non-existent/unsupported method triggers an error response that is not sanitized, enabling an attacker to inject arbitrary HTML or JavaScript (XSS). Affected component: REST endpoint handling for m...
PT-2017-19316 · Osnexus · Quantastor
Name of the Vulnerable Software and Affected Versions: OSNEXUS QuantaStor versions prior to 4.3.1 Description: A flaw was found in the error message sent as a response for non-existent users on the system. This could allow an attacker to enumerate valid accounts by searching for common usernames...
PT-2017-19317 · Osnexus · Quantastor
Name of the Vulnerable Software and Affected Versions: OSNEXUS QuantaStor versions prior to 4.3.1 Description: The issue allows an attacker to inject arbitrary HTML or JavaScript code as a parameter in a REST call, potentially leading to a cross-site scripting XSS attack. When an invalid REST cal...