CVSS: 5.0EPSS: 33%CPEs: 9EXPL: 0CVE-2013-4615 – Canon Wireless Printer Denial Of Service
https://notcve.org/view.php?id=CVE-2013-4615
The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment." Las impresoras Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920 y MX922 permite a atacantes remotos provocar una denegación de servicio (cuelgue del dispositivo) a través de un parámetro LAN_TXT24 especialmente diseñado a English/pages_MacUS/cgi_lan.cgi seguido de una petición directa a English/pages_MacUS/lan_set_content.html. NOTA: el vendedor ha respondido diciendo "Canon cree que sus impresoras no tendrán que hacer frente a accesos no autorizados a la red desde una ubicación externa, siempre y cuando las impresoras se utilizan en un entorno seguro." Various Canon printers suffer from a lack of password authentication, denial of service, and WEP/WPA/WPA2 secret disclosure vulnerabilities. • http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0146.html http://www.mattandreko.com/2013/06/canon-y-u-no-security.html https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/canon_wireless_printer.rb • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-4608
https://notcve.org/view.php?id=CVE-2009-4608
Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlier, and 3.5.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to authentication. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Canon IT Solutions Inc. ACCESSGUARDIAN v3.0.14 y anteriores y v3.5.6 y anteriores, permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través de vectores desconocidos relacionados con la autenticación. • http://canon-its.jp/guardian/topics/200910ag.html http://jvn.jp/en/jp/JVN33822756/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000066.html http://osvdb.org/59058 http://secunia.com/advisories/37045 http://www.vupen.com/english/advisories/2009/2973 https://exchange.xforce.ibmcloud.com/vulnerabilities/53822 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 1%CPEs: 70EXPL: 0CVE-2008-0303
https://notcve.org/view.php?id=CVE-2008-0303
The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce. La característica de impresión FTP en múltiples impresoras Canon, incluyendo imageRUNNER e imagePRESS, permite a atacantes remotos utilizar el servidor como un proxy inadvertido a través de un comando PORT modificado, también conocido como salto FTP. • http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack http://jvn.jp/en/jp/JVN10056705/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000013.html http://securitytracker.com/id?1019528 http://www.kb.cert.org/vuls/id/568073 http://www.securityfocus.com/bid/28042 http://www.usa.canon.com/html/security/pdf/CVA-001.pdf •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2007-2680
https://notcve.org/view.php?id=CVE-2007-2680
Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en el interfaz de gestión en Canon Network Camera Server VB100 y VB101 con software empotrado (firmware)3.0 R69 y anteriores, y VB150 con software empotrado (firmware)1.1 R39 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://cweb.canon.jp/drv-upd/webview/notification.html http://jvn.jp/jp/JVN%2306735665 http://osvdb.org/35019 http://secunia.com/advisories/24940 http://www.securityfocus.com/bid/23560 http://www.vupen.com/english/advisories/2007/1461 •
CVSS: 5.0EPSS: 18%CPEs: 41EXPL: 3CVE-2006-7065 – Microsoft Internet Explorer 6.0/7.0 - IFrame Refresh Denial of Service
https://notcve.org/view.php?id=CVE-2006-7065
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. Microsoft Internet Explorer permite a atacantes remotos provocar denegación de servicio (caida) a través de un IFRAME con ciertos archivos XML y plantillas de estilo XSL que disparan una cauda en mshtml.dll cuando un se llama se solicita un refresco de cotenido, probablemente a un puntero de referencia nula. • https://www.exploit-db.com/exploits/28343 http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html http://www.securityfocus.com/bid/19364 http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511 •