CVE-2009-0941
https://notcve.org/view.php?id=CVE-2009-0941
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access.
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566
• http://www.louhinetworks.fi/advisory/HP_20090317.txt
• http://www.securityfocus.com/archive/1/501884/100/0/threaded
• http://www.vupen.com/english/advisories/2009/0754
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-4419
https://notcve.org/view.php?id=CVE-2008-4419
Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905
• http://secunia.com/advisories/33779
• http://www.securityfocus.com/archive/1/500657/100/0/threaded
• http://www.securityfocus.com/bid/33611
• http://www.securitytracker.com/id?1021687
• http://www.vupen.com/english/advisories/2009/0341
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-0161 – HP (Multiple Products) - PML Driver HPZ12 Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-0161
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
• https://www.exploit-db.com/exploits/29403
• http://osvdb.org/32654
• http://secunia.com/advisories/23663
• http://securityreason.com/securityalert/2128
• http://secway.org/advisory/AD20070108.txt
• http://www.securityfocus.com/archive/1/456259/100/0/threaded
• http://www.securityfocus.com/bid/21935
• http://www.vupen.com/english/advisories/2007/0094
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31361
CVE-2006-1654 – HP Color LaserJet 2500/4600 Toolbox - Directory Traversal
https://notcve.org/view.php?id=CVE-2006-1654
Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
• https://www.exploit-db.com/exploits/27565
• http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html
• http://secunia.com/advisories/19529
• http://securitytracker.com/id?1015862
• http://www.osvdb.org/24396
• http://www.securityfocus.com/archive/1/429893/100/0/threaded
• http://www.securityfocus.com/archive/1/429984/100/0/threaded
• http://www.securityfocus.com/bid/17367
• http://www.vupen.com/english/advisories/2006/1230
• https://exchange.xforce.ibmcloud.com/vulnerabilities/256
CVE-2004-2439
https://notcve.org/view.php?id=CVE-2004-2439
The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBPI01085
• http://securitytracker.com/id?1011671
• http://www.securityfocus.com/bid/11297
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17634