CVSS: 4.6 | EPSS: 0% | CPEs: 32 | EXPL: 0

Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory.

• http://support.lexmark.com/index?page=content&id=TE760
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 | EPSS: 0% | CPEs: 31 | EXPL: 0

Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.

• http://support.lexmark.com/index?page=content&id=TE745
• CWE-254: 7PK - Security Features
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.0 | EPSS: 95% | CPEs: 1 | EXPL: 0

Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise.

• http://support.lexmark.com/index?page=content&id=TE677
• http://www.zerodayinitiative.com/advisories/ZDI-15-046
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 | EPSS: 2% | CPEs: 1 | EXPL: 0

Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReportDownloadServlet class. The class contains a method that does not properly sanitize input, allowing for directory traversal.

• http://support.lexmark.com/index?page=content&id=TE666
• http://www.zerodayinitiative.com/advisories/ZDI-14-411
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 | EPSS: 96% | CPEs: 1 | EXPL: 1

Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GfdFileUploadServlet class. The class contains a method that does not properly sanitize input, allowing for directory traversal.

• https://www.exploit-db.com/exploits/35776
• http://support.lexmark.com/index?page=content&id=TE666
• http://www.zerodayinitiative.com/advisories/ZDI-14-410
• http://support.lexmark.com/index?page=content&id=TE666&locale=EN&userlocale=EN_US
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')