CVE-2011-3269
https://notcve.org/view.php?id=CVE-2011-3269
Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. • http://contentdelivery.lexmark.com/webcontent/Email_shortcut_vulnerability.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-6033
https://notcve.org/view.php?id=CVE-2013-6033
Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field. • http://support.lexmark.com/index?page=content&id=TE585 http://www.kb.cert.org/vuls/id/108062 http://www.osvdb.org/102752 http://www.securityfocus.com/bid/65277 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-6032
https://notcve.org/view.php?id=CVE-2013-6032
cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter. • http://support.lexmark.com/index?page=content&id=TE586 http://www.kb.cert.org/vuls/id/108062 • CWE-20: Improper Input Validation
CVE-2010-0101
https://notcve.org/view.php?id=CVE-2010-0101
The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header. • http://support.lexmark.com/index?page=content&id=TE87&locale=EN&userlocale=EN_US • CWE-20: Improper Input Validation