4 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization. Lexmark Markvision Enterprise versiones anteriores a 2.3.0, usa inapropiadamente la Apache Commons Collections Library, conllevando a una ejecución de código remota debido a una deserialización de Java. • http://support.lexmark.com/index?page=content&id=TE747&locale=EN&userlocale=EN_US • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. ( Lexmark Markvision Enterprise (MVE) versiones anteriores a 2.4.1, permite a atacantes remotos ejecutar comandos arbitrarios mediante la carga de archivos. • http://support.lexmark.com/index?page=content&id=TE828&locale=EN&userlocale=EN_US • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0

Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors. Una vulnerabilidad de salto de directorio en el servlet ReportDownloadServlet en Lexmark MarkVision Enterprise versiones anteriores a 2.1, permite a atacantes remotos leer archivos arbitrarios por medio de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReportDownloadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. • http://support.lexmark.com/index?page=content&id=TE666 http://www.zerodayinitiative.com/advisories/ZDI-14-411 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 1

Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors. Una vulnerabilidad de salto de directorio en el servlet GfdFileUploadServerlet en Lexmark MarkVision Enterprise versiones anteriores a 2.1, permite a atacantes remotos escribir en archivos arbitrarios por medio de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GfdFileUploadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. • https://www.exploit-db.com/exploits/35776 http://support.lexmark.com/index?page=content&id=TE666 http://www.zerodayinitiative.com/advisories/ZDI-14-410 http://support.lexmark.com/index?page=content&id=TE666&locale=EN&userlocale=EN_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •