CVE-2008-6436
https://notcve.org/view.php?id=CVE-2008-6436
Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el servidor web en Xerox WorkCentre 7132, 7228, 7235, y 7245 permite a atacantes remotos inyectar web script o HTML a través de vectores no especificados. • http://osvdb.org/45627 http://secunia.com/advisories/30364 http://www.securityfocus.com/bid/29345 http://www.vupen.com/english/advisories/2008/1628/references http://www.xerox.com/downloads/usa/en/c/cert_XRX08_004.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/42595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-5225 – Xerox DocuShare 6 - docushare/dsweb/ServicesLib/Group URI Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5225
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories. Múltiples vulnerabilidades de secuencias de ejecución de comandos en sitios cruzados en Xerox DocuShare v6 y anteriores que permite a atacantes remotos inyectar secuencias de comandos web o codigo HTML a traves de PATH_INFO a la URL por defecto a traves de (1) SearchResults/ y (2) Services/ en dsdn/dsweb/, y (3) la URL por defecto a traves de directorios inespecificos de docushare/dsweb/ServicesLib/Group-#/. • https://www.exploit-db.com/exploits/31864 https://www.exploit-db.com/exploits/31862 https://www.exploit-db.com/exploits/31863 http://secunia.com/advisories/30426 http://securityreason.com/securityalert/4638 http://www.securityfocus.com/archive/1/492766/100/0/threaded http://www.securityfocus.com/archive/1/492960/100/0/threaded http://www.securityfocus.com/bid/29430 http://www.securitytracker.com/id?1020147 http://www.vupen.com/english/advisories/2008/1701/references https:& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-3571 – Xerox Phaser 8400 - Remote Reboot (Denial of Service)
https://notcve.org/view.php?id=CVE-2008-3571
The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900. El Phaser Xerox 8400 permite a atacantes remotos provocar una denegación de servicio (reinicio) a través de un paquete UDP vacío al puerto 1900. • https://www.exploit-db.com/exploits/6196 http://secunia.com/advisories/31329 http://securityreason.com/securityalert/4128 http://www.securityfocus.com/bid/30522 http://www.vupen.com/english/advisories/2008/2308 https://exchange.xforce.ibmcloud.com/vulnerabilities/44211 • CWE-20: Improper Input Validation •
CVE-2008-3121
https://notcve.org/view.php?id=CVE-2008-3121
Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Xerox CentreWare Web (CWW) versiones anteriores a la 4.6.46, permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrariamente a través de vectores sin especificar. • http://secunia.com/advisories/30978 http://www.securityfocus.com/bid/30151 http://www.xerox.com/downloads/usa/en/c/cert_XRX08_008.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/43671 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-3122
https://notcve.org/view.php?id=CVE-2008-3122
Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via the unspecified vectors. Múltiples vulnerabilidades en Xerox CentreWare Web(CWW) anterior a 4.6.46, permite a usuarios autenticados remotamente ejecutar comandos SQL de su elección a través de vectores no especificados. • http://secunia.com/advisories/30978 http://www.securityfocus.com/bid/30151 http://www.xerox.com/downloads/usa/en/c/cert_XRX08_008.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/43672 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •