CVSS: 7.8EPSS: 5%CPEs: 8EXPL: 5CVE-2010-4107 – HP JetDirect PJL - Interface Universal Directory Traversal
https://notcve.org/view.php?id=CVE-2010-4107
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack. La configuración por defecto del valor PJL Access en las opciones de File System External Access de las impresoras HP LaserJet MFP, Color LaserJet MFP, LaserJet 4100, 4200, 4300, 5100, 8150, y 9000, activan los comandos PJL que usa el sistema de archivos del dispositivo, lo que permite a atacantes remotos la lectura de archivos de su elección a través de un comando en el trabajo activo como se ha demostrado con un ataque de salto de directorio. A directory traversal vulnerability has been found in the PJL file system access interface of various HP LaserJet MFP devices. File system access through PJL is usually restricted to a specific part of the file system. Using a pathname such as 0:\..\..\..\ it is possible to get access to the complete file system of the device. • https://www.exploit-db.com/exploits/17635 https://www.exploit-db.com/exploits/17636 https://www.exploit-db.com/exploits/15631 https://www.exploit-db.com/exploits/32990 http://secunia.com/advisories/42238 http://securityreason.com/securityalert/8328 http://securitytracker.com/id?1024741 http://www.exploit-db.com/exploits/15631 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333 http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdf http:/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.1EPSS: 0%CPEs: 164EXPL: 1CVE-2009-0940
https://notcve.org/view.php?id=CVE-2009-0940
Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders, permiten a atacantes remotos (1) imprimir documentos mediante vectores desconocidos, (2) modificar la configuración de red mediante una petición NetIPChange a hp/device/config_result_YesNo.html/config o (3) cambiar la contraseña mediante los parámetros Password y ConfirmPassword a hp/device/set_config_password.html/config. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566 http://osvdb.org/52847 http://osvdb.org/52848 http://osvdb.org/52849 http://www.louhinetworks.fi/advisory/HP_20090317.txt http://www.securityfocus.com/archive/1/501884/100/0/threaded http://www.securityfocus.com/bid/34143 http://www.vupen.com/english/advisories/2009/0754 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.6EPSS: 0%CPEs: 164EXPL: 0CVE-2009-0941
https://notcve.org/view.php?id=CVE-2009-0941
The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access. El HP Embedded Web Server (EWS) en HP LaserJet Printers, Edgeline Printers, y Digital Senders no tiene contraseña de administración por defecto, lo que facilita a atacantes remotos el obtener acceso. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566 http://www.louhinetworks.fi/advisory/HP_20090317.txt http://www.securityfocus.com/archive/1/501884/100/0/threaded http://www.vupen.com/english/advisories/2009/0754 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.1EPSS: 0%CPEs: 21EXPL: 2CVE-2007-0161 – HP (Multiple Products) - PML Driver HPZ12 Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-0161
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023. El controlador PML HPZ12 (HPZipm12.exe) en los controladores todo en uno de HP, usado en múltiples productos HP, utiliza permisos no seguros SERVICE_CHANGE_CONFIG DACL, lo cual permite a un usuario local ganar privilegios y ejecutar programas de su elección, como se demostró con la modificación del argumento binpath, un asunto relacionado con CVE-2006-0023. • https://www.exploit-db.com/exploits/29403 http://osvdb.org/32654 http://secunia.com/advisories/23663 http://securityreason.com/securityalert/2128 http://secway.org/advisory/AD20070108.txt http://www.securityfocus.com/archive/1/456259/100/0/threaded http://www.securityfocus.com/bid/21935 http://www.vupen.com/english/advisories/2007/0094 https://exchange.xforce.ibmcloud.com/vulnerabilities/31361 •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2006-6742
https://notcve.org/view.php?id=CVE-2006-6742
Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service (device crash) via a long string in the (1) LIST or (2) NLST command. Múltiples desbordamientos de búfer en FTP Print Server 2.4 y 2.4.5 en impresoras HP LaserJet 5000 Series con software empotrado (firmware) R.25.15 o R.25.47, e impresoras HP LaserJet 5100 Series con software empotrado V.29.12, permiten a atacantes remotos provocar una denegación de servicio (caída de dispositivo) mediante una cadena larga en los comandos (1) LIST o (2) NLST. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051367.html http://secunia.com/advisories/23396 http://securityreason.com/securityalert/2074 http://www.securityfocus.com/archive/1/454817/100/0/threaded http://www.vupen.com/english/advisories/2006/5081 •