CVSS: 3.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.

• http://support.lexmark.com/index?page=content&id=TE585
• http://www.kb.cert.org/vuls/id/108062
• http://www.osvdb.org/102752
• http://www.securityfocus.com/bid/65277
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 0% | CPEs: 23 | EXPL: 0

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

• http://support.lexmark.com/index?page=content&id=TE586
• http://www.kb.cert.org/vuls/id/108062
• CWE-20: Improper Input Validation

CVSS: 9.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors.

• http://support.lexmark.com/index?page=content&id=TE530
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 | EPSS: 0% | CPEs: 61 | EXPL: 0

The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header.

• http://support.lexmark.com/index?page=content&id=TE87&locale=EN&userlocale=EN_US
• CWE-20: Improper Input Validation

CVSS: 5.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser and inkjet printers and MarkNet devices allows remote attackers to cause a denial of service (TCP outage) by making many passive FTP connections and then aborting these connections.

• http://secunia.com/advisories/39056
• http://support.lexmark.com/index?page=content&id=TE85&locale=EN&userlocale=EN_US
• http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=11&Itemid=11
• http://www.securityfocus.com/archive/1/510285/100/0/threaded
• http://www.securityfocus.com/bid/38906