CVE-2012-0773 – flash-plugin: arbitrary code execution via memory corruption flaw in NetStream class (APSB12-07)
https://notcve.org/view.php?id=CVE-2012-0773
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. La clase NetStream en Adobe Flash Player antes de v10.3.183.18 y v11.x antes de v11.2.202.228 en Windows, Mac OS X y Linux, Flash Player antes de v10.3.183.18 y 11.x antes de v11.2.202.223 en Solaris; Flash Player antes de v11.1 .111.8 en Android 2.x y 3.x, y AIR antes v3.2.0.2070 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00018.html http://secunia.com/advisories/48618 http://secunia.com/advisories/48652 http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-07.html http://www.securitytracker.com/id?1026859 http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert • CWE-787: Out-of-bounds Write •
CVE-2010-0549
https://notcve.org/view.php?id=CVE-2010-0549
Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability." Vulnerabilidad no especifica en el Network Controller en Xerox WorkCentre 6400 System Software v060.070.109.11407 hasta v060.070.109.29510, y Net Controller v060.079.11410 hasta v060.079.29310, permite a atacantse remotos acceder al "directorio de estructura" a través de un archivo PostScript manipulado, como "Vulnerabilidad no autorizada al Directorio de Estrucutra." • http://secunia.com/advisories/38339 http://www.securitytracker.com/id?1023500 http://www.vupen.com/english/advisories/2010/0208 http://www.xerox.com/downloads/usa/en/c/cert_XRX10-001_v1.0.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-0548
https://notcve.org/view.php?id=CVE-2010-0548
Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization. Múltiples vulnerabilidades no especificadas en Network Controller y Web Server en Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, y 5687 permite a atacantes remotos (1) acceso a los buzones de correo a través de vectores no especificados que evitan el Scan en la autorización del Buzón de Correo o (2) leer información de configuración del dispotivo a través de vectores desconocidos que evitan la autorización del servidor web. • http://secunia.com/advisories/38139 http://www.vupen.com/english/advisories/2010/0209 http://www.xerox.com/downloads/usa/en/c/cert_XRX10-002_v1.0.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-3913 – Xerox Fiery Webtools - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3913
SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter. Vulnerabilidad de inyección SQL en summary.php en Xerox Fiery WebTools permite a atacantes remotos ejecutar comandos SQL a través del parámetro "select". • https://www.exploit-db.com/exploits/9850 http://www.securityfocus.com/archive/1/507650/100/0/threaded http://www.securityfocus.com/bid/36906 https://exchange.xforce.ibmcloud.com/vulnerabilities/54137 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-1656
https://notcve.org/view.php?id=CVE-2009-1656
Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability." Xerox WorkCentre y WorkCentre Pro v232, v238, v245, v255, v265, v275; y WorkCentre v5632, v5638, v5645, v5655, v5665, v5675, v5687, v7655, v7656, y v7675 permite a atacantes remotos ejecutar comandos de su elección a través de vectores de ataque desconocidos, también conocido como "vulnerabilidad de inyección de comando". • http://osvdb.org/54457 http://secunia.com/advisories/35101 http://www.securityfocus.com/bid/34984 http://www.securitytracker.com/id?1022238 http://www.vupen.com/english/advisories/2009/1328 http://www.xerox.com/downloads/usa/en/c/cert_XRX09-02_v1.0.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/50558 •