CVE-2016-6918
https://notcve.org/view.php?id=CVE-2016-6918
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. ( Lexmark Markvision Enterprise (MVE) versiones anteriores a 2.4.1, permite a atacantes remotos ejecutar comandos arbitrarios mediante la carga de archivos. • http://support.lexmark.com/index?page=content&id=TE828&locale=EN&userlocale=EN_US • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2019-19772
https://notcve.org/view.php?id=CVE-2019-19772
Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. Varios productos Lexmark, presentan una vulnerabilidad de tipo XSS reflejado en el servidor web incorporado que usado en dispositivos Lexmark de antigua generación. Los productos afectados están disponibles en http://support.lexmark.com/index? • http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-19773
https://notcve.org/view.php?id=CVE-2019-19773
Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. Varios productos Lexmark, presentan una vulnerabilidad de tipo XSS almacenado en el servidor web incorporado que es usado en los dispositivos Lexmark de antigua generación. Los productos afectados están disponibles en http://support.lexmark.com/index? • http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-18791
https://notcve.org/view.php?id=CVE-2019-18791
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser. La impresora Lexmark MS812 y varios dispositivos Lexmark de generaciones anteriores, presentan una vulnerabilidad de tipo XSS almacenado en el servidor web incorporado. La vulnerabilidad puede ser explotada para exponer las credenciales de sesión y otra información por medio del navegador web de los usuarios. • http://support.lexmark.com/alerts http://support.lexmark.com/index?page=content&id=TE933&modifiedDate=02/04/20&actp=LIST_RECENT&userlocale=EN_US&locale=en • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-16758 – Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
https://notcve.org/view.php?id=CVE-2019-16758
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system. En Lexmark Services Monitor versión 2.27.4.0.39 (ejecutándose en el puerto TCP 2070), un atacante remoto puede usar una técnica de salto de directorio usando /../../../ o ..%2F ..%2F ..%2F para obtener archivos locales en el sistema operativo host. Lexmark Services Monitor version 2.27.4.0.39 suffers from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/47663 http://packetstormsecurity.com/files/155365/Lexmark-Services-Monitor-2.27.4.0.39-Directory-Traversal.html http://seclists.org/fulldisclosure/2019/Nov/17 http://support.lexmark.com/index?page=content&id=TE930&locale=en&userlocale=EN_US https://www.symantec.com/security-center/vulnerabilities/writeup/110943 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •