
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization. • http://support.lexmark.com/index?page=content&id=TE747&locale=EN&userlocale=EN_US • CWE-502: Deserialization of Untrusted Data

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. • http://support.lexmark.com/index?page=content&id=TE828&locale=EN&userlocale=EN_US • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.0 • EPSS: 96% • CPEs: 1 • EXPL: 0

Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. • http://support.lexmark.com/index?page=content&id=TE677 http://www.zerodayinitiative.com/advisories/ZDI-15-046 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 • EPSS: 2% • CPEs: 1 • EXPL: 0

Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReportDownloadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. • http://support.lexmark.com/index?page=content&id=TE666 http://www.zerodayinitiative.com/advisories/ZDI-14-411 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 • EPSS: 96% • CPEs: 1 • EXPL: 2

Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GfdFileUploadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. • https://www.exploit-db.com/exploits/35776 http://support.lexmark.com/index?page=content&id=TE666 http://www.zerodayinitiative.com/advisories/ZDI-14-410 http://support.lexmark.com/index?page=content&id=TE666&locale=EN&userlocale=EN_US https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/lexmark_markvision_gfd_upload.rb • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')