3 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 5821EXPL: 0

Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR. Ciertos productos HP Print y productos Digital Sending pueden ser vulnerables a una posible ejecución remota de código y desbordamiento de búfer con el uso de resolución de nombres de multidifusión local de enlace o LLMNR. • https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.1EPSS: 0%CPEs: 164EXPL: 1

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders, permiten a atacantes remotos (1) imprimir documentos mediante vectores desconocidos, (2) modificar la configuración de red mediante una petición NetIPChange a hp/device/config_result_YesNo.html/config o (3) cambiar la contraseña mediante los parámetros Password y ConfirmPassword a hp/device/set_config_password.html/config. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566 http://osvdb.org/52847 http://osvdb.org/52848 http://osvdb.org/52849 http://www.louhinetworks.fi/advisory/HP_20090317.txt http://www.securityfocus.com/archive/1/501884/100/0/threaded http://www.securityfocus.com/bid/34143 http://www.vupen.com/english/advisories/2009/0754 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.6EPSS: 0%CPEs: 164EXPL: 0

The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access. El HP Embedded Web Server (EWS) en HP LaserJet Printers, Edgeline Printers, y Digital Senders no tiene contraseña de administración por defecto, lo que facilita a atacantes remotos el obtener acceso. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566 http://www.louhinetworks.fi/advisory/HP_20090317.txt http://www.securityfocus.com/archive/1/501884/100/0/threaded http://www.vupen.com/english/advisories/2009/0754 • CWE-264: Permissions, Privileges, and Access Controls •