CVE-2018-20768
https://notcve.org/view.php?id=CVE-2018-20768
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.
• https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-0549
https://notcve.org/view.php?id=CVE-2010-0549
Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability."
• http://secunia.com/advisories/38339 http://www.securitytracker.com/id?1023500 http://www.vupen.com/english/advisories/2010/0208 http://www.xerox.com/downloads/usa/en/c/cert_XRX10-001_v1.0.pdf
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-0548
https://notcve.org/view.php?id=CVE-2010-0548
Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via unknown vectors that bypass web server authorization.
• http://secunia.com/advisories/38139 http://www.vupen.com/english/advisories/2010/0209 http://www.xerox.com/downloads/usa/en/c/cert_XRX10-002_v1.0.pdf
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-1656
https://notcve.org/view.php?id=CVE-2009-1656
Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allow remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability."
• http://osvdb.org/54457 http://secunia.com/advisories/35101 http://www.securityfocus.com/bid/34984 http://www.securitytracker.com/id?1022238 http://www.vupen.com/english/advisories/2009/1328 http://www.xerox.com/downloads/usa/en/c/cert_XRX09-02_v1.0.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/50558
CVE-2008-6436
https://notcve.org/view.php?id=CVE-2008-6436
Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://osvdb.org/45627 http://secunia.com/advisories/30364 http://www.securityfocus.com/bid/29345 http://www.vupen.com/english/advisories/2008/1628/references http://www.xerox.com/downloads/usa/en/c/cert_XRX08_004.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/42595
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')