CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2020-8424 – Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
https://notcve.org/view.php?id=CVE-2020-8424
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php. Cups Easy (Purchase & Inventory) versión 1.0, es vulnerable a un ataque de tipo CSRF que conlleva a la toma de control de la cuenta de administrador por medio del archivo passwordmychange.php. Cups Easy version 1.0 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/47973 http://packetstormsecurity.com/files/156140/Cups-Easy-1.0-Cross-Site-Request-Forgery.html https://github.com/J3rryBl4nks/CUPSEasyExploits • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2020-8425 – Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
https://notcve.org/view.php?id=CVE-2020-8425
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php. Cups Easy (Purchase & Inventory) versión 1.0, es vulnerable a un ataque de tipo CSRF que conlleva a la eliminación de la cuenta de administrador por medio del archivo userdelete.php. Cups Easy version 1.0 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/47973 http://packetstormsecurity.com/files/156140/Cups-Easy-1.0-Cross-Site-Request-Forgery.html https://github.com/J3rryBl4nks/CUPSEasyExploits • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-6553 – AppArmor cupsd Sandbox Bypass Due to Use of Hard Links
https://notcve.org/view.php?id=CVE-2018-6553
The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS. El perfil CUPS AppArmor confinó incorrectamente la puerta trasera dnssd debido al uso de enlaces físicos. Un atacante local podría emplear este problema para escapar del confinamiento. • https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html https://security.gentoo.org/glsa/201908-08 https://usn.ubuntu.com/usn/usn-3713-1 https://www.debian.org/security/2018/dsa-4243 •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8166
https://notcve.org/view.php?id=CVE-2014-8166
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. La característica de navegación en el servidor en CUPS no filtra secuencias de escape ANSI de nombres de impresora compartidos, lo que podría permitir que atacantes remotos ejecuten código arbitrario mediante un nombre de impresora manipulado. • http://www.openwall.com/lists/oss-security/2015/03/24/15 http://www.openwall.com/lists/oss-security/2015/03/24/2 http://www.securityfocus.com/bid/73300 https://bugzilla.redhat.com/show_bug.cgi?id=1084577 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 91%CPEs: 1EXPL: 2CVE-2015-1158 – CUPS < 2.0.3 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-1158
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. La función add_job en scheduler/ipp.c en cupsd en CUPS anterior a 2.0.3 realiza incorrectamente las operaciones libres para los atributos de los nombres de anfitriones que originan trabajos de múltiples valores, lo que permite a atacantes remotos provocar la corrupción de datos para las cadenas de referencias contadas a través de una solicitud (1) IPP_CREATE_JOB o (2) IPP_PRINT_JOB manipulada, tal y como fue demostrado mediante el remplazo del fichero de configuración y como consecuencia la ejecución de código arbitrario. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker could submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in turn allowed the attacker to run arbitrary code on the CUPS server. CUPS versions prior to 2.0.3 suffers from improper teardown and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/41233 https://www.exploit-db.com/exploits/37336 http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html http://rhn.redhat.com/errata/RHSA- • CWE-254: 7PK - Security Features •