5 results (0.003 seconds)

CVSS: 5.1EPSS: 0%CPEs: 164EXPL: 1

Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders, permiten a atacantes remotos (1) imprimir documentos mediante vectores desconocidos, (2) modificar la configuración de red mediante una petición NetIPChange a hp/device/config_result_YesNo.html/config o (3) cambiar la contraseña mediante los parámetros Password y ConfirmPassword a hp/device/set_config_password.html/config. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566 http://osvdb.org/52847 http://osvdb.org/52848 http://osvdb.org/52849 http://www.louhinetworks.fi/advisory/HP_20090317.txt http://www.securityfocus.com/archive/1/501884/100/0/threaded http://www.securityfocus.com/bid/34143 http://www.vupen.com/english/advisories/2009/0754 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.6EPSS: 0%CPEs: 164EXPL: 0

The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access. El HP Embedded Web Server (EWS) en HP LaserJet Printers, Edgeline Printers, y Digital Senders no tiene contraseña de administración por defecto, lo que facilita a atacantes remotos el obtener acceso. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566 http://www.louhinetworks.fi/advisory/HP_20090317.txt http://www.securityfocus.com/archive/1/501884/100/0/threaded http://www.vupen.com/english/advisories/2009/0754 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.1EPSS: 0%CPEs: 21EXPL: 2

The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023. El controlador PML HPZ12 (HPZipm12.exe) en los controladores todo en uno de HP, usado en múltiples productos HP, utiliza permisos no seguros SERVICE_CHANGE_CONFIG DACL, lo cual permite a un usuario local ganar privilegios y ejecutar programas de su elección, como se demostró con la modificación del argumento binpath, un asunto relacionado con CVE-2006-0023. • https://www.exploit-db.com/exploits/29403 http://osvdb.org/32654 http://secunia.com/advisories/23663 http://securityreason.com/securityalert/2128 http://secway.org/advisory/AD20070108.txt http://www.securityfocus.com/archive/1/456259/100/0/threaded http://www.securityfocus.com/bid/21935 http://www.vupen.com/english/advisories/2007/0094 https://exchange.xforce.ibmcloud.com/vulnerabilities/31361 •

CVSS: 5.0EPSS: 2%CPEs: 11EXPL: 4

Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225. • https://www.exploit-db.com/exploits/27565 http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0085.html http://secunia.com/advisories/19529 http://securitytracker.com/id?1015862 http://www.osvdb.org/24396 http://www.securityfocus.com/archive/1/429893/100/0/threaded http://www.securityfocus.com/archive/1/429984/100/0/threaded http://www.securityfocus.com/bid/17367 http://www.vupen.com/english/advisories/2006/1230 https://exchange.xforce.ibmcloud.com/vulnerabilities/256 •

CVSS: 5.0EPSS: 0%CPEs: 19EXPL: 0

The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBPI01085 http://securitytracker.com/id?1011671 http://www.securityfocus.com/bid/11297 https://exchange.xforce.ibmcloud.com/vulnerabilities/17634 •