Lucene search
K

47 matches found

CNNVD
CNNVD
added 2023/07/10 12:0 a.m.7 views

OSNEXUS QuantaStor 安全漏洞

OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. A security vulnerability exists in OSNEXUS QuantaStor versions prior to 5.12.9 that originates from a script that can be executed by a local user with root privileges...

7.8CVSS7.3AI score0.00185EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.5 views

OSNEXUS QuantaStor 跨站脚本漏洞

OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. A cross-site scripting vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

7.4CVSS5.9AI score0.00695EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.7 views

OSNEXUS QuantaStor 代码问题漏洞

OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. A code issue vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to perform server-side request forgery SSRF attacks...

6.2CVSS5.5AI score0.00694EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.7 views

OSNEXUS QuantaStor 跨站脚本漏洞

OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. A cross-site scripting vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

8.7CVSS5.4AI score0.00547EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.9 views

OSNEXUS QuantaStor 命令注入漏洞

OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. A command injection vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker can exploit this vulnerability to execute commands as root...

9.1CVSS7.3AI score0.00964EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/07/10 12:0 a.m.7 views

OSNEXUS QuantaStor 操作系统命令注入漏洞

OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. An operating system command injection vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to remotely execute arbitrary shell commands via t...

9.1CVSS7.5AI score0.0123EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2017/08/29 12:0 a.m.12 views

OSNEXUS QuantaStor Detection

Detection of OSNEXUS QuantaStor. The script sends a connection request to the server and attempts to detect OSNEXUS QuantaStor and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2017/08/29 12:0 a.m.32 views

OSNEXUS QuantaStor Multiple Vulnerabilities

OSNEXUS QuantaStor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:osnexus:quantastor"; if...

6.1CVSS5.7AI score0.04746EPSS
Exploits7References1
OSV
OSV
added 2017/08/28 7:29 p.m.4 views

CVE-2017-9979

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary...

6.1CVSS5.9AI score0.02559EPSS
Exploits6References4
NVD
NVD
added 2017/08/28 7:29 p.m.17 views

CVE-2017-9979

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary...

6.1CVSS6.2AI score0.02559EPSS
Exploits6References4
NVD
NVD
added 2017/08/28 7:29 p.m.12 views

CVE-2017-9978

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames...

5.3CVSS5.1AI score0.04746EPSS
Exploits6References4
OSV
OSV
added 2017/08/28 7:29 p.m.3 views

CVE-2017-9978

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames...

5.3CVSS5.8AI score0.04746EPSS
Exploits6References4
Prion
Prion
added 2017/08/28 7:29 p.m.13 views

Cross site scripting

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary...

4.3CVSS6.8AI score0.02559EPSS
Exploits6References4Affected Software1
Prion
Prion
added 2017/08/28 7:29 p.m.12 views

Code injection

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames...

5CVSS6.5AI score0.04746EPSS
Exploits6References4Affected Software1
Cvelist
Cvelist
added 2017/08/28 7:0 p.m.21 views

CVE-2017-9979

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary...

6.2AI score0.02559EPSS
Exploits6References4
Cvelist
Cvelist
added 2017/08/28 7:0 p.m.16 views

CVE-2017-9978

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames...

5.5AI score0.04746EPSS
Exploits6References4
CVE
CVE
added 2017/08/28 7:0 p.m.58 views

CVE-2017-9978

OSNEXUS QuantaStor v4 before 4.3.1 contains an information-disclosure vulnerability where the error message for non-existent users can be used to enumerate valid usernames. This CVE (CVE-2017-9978) is documented across multiple sources; affected versions are prior to 4.3.1. Remediation: upgrade t...

5.3CVSS5.2AI score0.04746EPSS
Exploits6References4Affected Software1
CVE
CVE
added 2017/08/28 7:0 p.m.61 views

CVE-2017-9979

CVE-2017-9979 affects OSNEXUS QuantaStor v4 prior to 4.3.1. The issue arises when a REST call for a non-existent/unsupported method triggers an error response that is not sanitized, enabling an attacker to inject arbitrary HTML or JavaScript (XSS). Affected component: REST endpoint handling for m...

6.1CVSS5.6AI score0.02559EPSS
Exploits6References4Affected Software1
Positive Technologies
Positive Technologies
added 2017/08/28 12:0 a.m.4 views

PT-2017-19316 · Osnexus · Quantastor

Name of the Vulnerable Software and Affected Versions: OSNEXUS QuantaStor versions prior to 4.3.1 Description: A flaw was found in the error message sent as a response for non-existent users on the system. This could allow an attacker to enumerate valid accounts by searching for common usernames...

5.3CVSS5.3AI score0.04746EPSS
Exploits6References5
Positive Technologies
Positive Technologies
added 2017/08/28 12:0 a.m.4 views

PT-2017-19317 · Osnexus · Quantastor

Name of the Vulnerable Software and Affected Versions: OSNEXUS QuantaStor versions prior to 4.3.1 Description: The issue allows an attacker to inject arbitrary HTML or JavaScript code as a parameter in a REST call, potentially leading to a cross-site scripting XSS attack. When an invalid REST cal...

6.1CVSS5.4AI score0.02559EPSS
Exploits6References5
Rows per page
Query Builder