CVE-2024-27144 – Pre-authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27144
And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. ... Para obtener detalles sobre otras vulnerabilidades relacionadas, consulte al siguiente punto de contacto. https://www.toshibatec.com/contacts/products/ En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-276: Incorrect Default Permissions •
CVE-2024-27143 – Pre-authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27143
Para obtener detalles sobre otras vulnerabilidades relacionadas, consulte al siguiente punto de contacto. https://www.toshibatec.com/contacts/products/ En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-27142 – Pre-authenticated XXE injection
https://notcve.org/view.php?id=CVE-2024-27142
En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2024-27141 – Pre-authenticated Time-Based Blind XXE injection
https://notcve.org/view.php?id=CVE-2024-27141
En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2024-37859 – Lost And Found Information System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-37859
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. • http://lost.com https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •