CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-17002 – RICOH MP 2001 Printer Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-17002
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. En la impresora RICOH MP 2001, se han descubierto las vulnerabilidades de inyección HTML y Cross-Site Scripting (XSS) persistente en el área de agregación de direcciones mediante el parámetro entryNameIn para /web/entry/en/address/adrsSetUserWizard.cgi. The RICOH MP 2001 printer suffers from cross site scripting and html injection vulnerabilities. • http://packetstormsecurity.com/files/149443/RICOH-MP-2001-Printer-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-17001 – RICOH SP 4510SF Printer Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-17001
On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. En la impresora RICOH SP 4510SF, se han descubierto las vulnerabilidades de inyección HTML y Cross-Site Scripting (XSS) persistente en el área de agregación de direcciones mediante el parámetro entryNameIn para /web/entry/en/address/adrsSetUserWizard.cgi. The RICOH SP 4510SF printer suffers from cross site scripting and html injection vulnerabilities. • http://packetstormsecurity.com/files/149441/RICOH-SP-4510SF-Printer-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-15884 – RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
https://notcve.org/view.php?id=CVE-2018-15884
RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. Los dispositivos RICOH MP C4504ex permiten la inyección HTML mediante el parámetro entryNameIn en /web/entry/en/address/adrsSetUserWizard.cgi. The RICOH MP C4504ex printer suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/45264 http://packetstormsecurity.com/files/149082/RICOH-MP-C4504ex-Cross-Site-Request-Forgery.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 2CVE-2015-6750 – Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-6750
Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command. Desbordamiento de buffer en Ricoh DL FTP Server 1.1.0.6 y versiones anteriores, permite a atacantes remotos ejecutar código arbitrario a través de un comando USER largo. • https://www.exploit-db.com/exploits/18643 http://packetstormsecurity.com/files/133248/Ricoh-FTP-Server-1.1.0.6-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 76%CPEs: 2EXPL: 4CVE-2012-5002 – Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2012-5002
Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command. Desbordamiento de búfer basado en pila en el servidor SR10 FTP (SR10.exe) v1.1.0.6 en Ricoh DC Software DL-10 v4.5.0.1, cuando está activada la opción de nombre de fichero Log, permite a atacantes remotos ejecutar código a través de un comando USER FTP. • https://www.exploit-db.com/exploits/18643 https://www.exploit-db.com/exploits/18658 http://secunia.com/advisories/47912 http://security.inshell.net/advisory/5 http://www.osvdb.org/79691 http://www.securityfocus.com/bid/52235 https://exchange.xforce.ibmcloud.com/vulnerabilities/73591 http://web.archive.org/web/20120514112629/http://secunia.com/advisories/47912 http://www.inshell.net/2012/03/ricoh-dc-software-dl-10-ftp-server-sr10-exe-remote-buffer-overflow-vulnerability • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •