CVSS: 7.5EPSS: 9%CPEs: 12EXPL: 0CVE-2006-5290
https://notcve.org/view.php?id=CVE-2006-5290
The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname." Los componentes ESS/ Network Controller y MicroServer Web Server de Xerox WorkCentre y WorkCentre Pro 232, 238, 245, 255, 265 y 275 permiten a un atacante remoto evitar la validación y ejecutar código de su elección a través de "comando de inyección WebUI sobre el TCP/IP del nomber del host". • http://secunia.com/advisories/22252 http://securitytracker.com/id?1016981 http://www.securityfocus.com/bid/20334/info http://www.vupen.com/english/advisories/2006/3921 http://www.xerox.com/downloads/usa/en/c/cert_XRX06_005.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/29357 •
CVSS: 6.4EPSS: 7%CPEs: 19EXPL: 0CVE-2006-2113
https://notcve.org/view.php?id=CVE-2006-2113
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. El servidor HTTP incrustado en el motor de impresión Fuji Xerox Printing Systems (FXPS), como se usa en productos incluyendo (1) Dell 3000cn hasta la versión 5110cn y (2) firmware Fuji Xerox DocuPrint en versiones anteriores a 20060628 y firmware Network Option Card en versiones anteriores a 5.13, no realiza correctamente autenticación para peticiones HTTP, lo que permite a atacantes remotos modificar la configuración del sistema a través de peticiones manipuladas, incluyendo el cambio de la contraseña de administrador o provocando una denegación de servicio al servidor de impresión. • http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities http://marc.info/?l=bugtraq&m=115652437223454&w=2 http://secunia.com/advisories/21630 http://secunia.com/advisories/22463 http://www.osvdb.org/28250 http://www.securityfocus.com/archive/1/444321/100/0/threaded http://www.securityfocus.com/bid/19716 http://www.vupen.com/english/advisories/2006/3401 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 2%CPEs: 19EXPL: 0CVE-2006-2112
https://notcve.org/view.php?id=CVE-2006-2112
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. Motor de impresión Fuji Xerox Printing Systems (FXPS), como se usa en productos incluyendo (1) Dell 3000cn hasta la versión 5110cn y (2) firmware Fuji Xerox DocuPrint en versiones anteriores a 20060628 y firmware Network Option Card en versiones anteriores a 5.13, permite a atacantes utilizar la interfaz de impresión FTP como un proxy ("FTP bounce") utilizando argumentos PORT arbitrarios para conectarse a sistemas para los cuales el acceso estaría de lo contrario restringido. • http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities http://marc.info/?l=bugtraq&m=115652437223454&w=2 http://secunia.com/advisories/21630 http://secunia.com/advisories/22463 http://www.osvdb.org/28249 http://www.securityfocus.com/archive/1/444321/100/0/threaded http://www.securityfocus.com/bid/19711 http://www.vupen.com/english/advisories/2006/3401 https://exchange.xforce.ibmcloud.com/vulnerabilities/28637 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 4%CPEs: 18EXPL: 0CVE-2006-1137
https://notcve.org/view.php?id=CVE-2006-1137
Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1) "navigate through the directory" or (2) a "file sent to expose TCP/IP ports". • http://secunia.com/advisories/19146 http://securitytracker.com/id?1015738 http://www.osvdb.org/23725 http://www.osvdb.org/23726 http://www.securityfocus.com/bid/17014 http://www.vupen.com/english/advisories/2006/0857 http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/25173 https://exchange.xforce.ibmcloud.com/vulnerabilities/25174 •
CVSS: 5.0EPSS: 1%CPEs: 18EXPL: 0CVE-2006-1138
https://notcve.org/view.php?id=CVE-2006-1138
Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors. • http://secunia.com/advisories/19146 http://securitytracker.com/id?1015738 http://www.osvdb.org/23727 http://www.securityfocus.com/bid/17014 http://www.vupen.com/english/advisories/2006/0857 http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/25175 •