CVE-2022-33035
https://notcve.org/view.php?id=CVE-2022-33035
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. XLPD versiones v7.0.0094 y anteriores, contienen una vulnerabilidad de ruta de servicio no citada que permite a usuarios locales lanzar procesos con altos privilegios • https://github.com/ycdxsb/Vuln/blob/main/Xlpd-Unquoted-Service-Path/XLpd-Unquoted-Service-Path.md https://www.netsarang.com/en/xlpd-update-history • CWE-427: Uncontrolled Search Path Element •
CVE-2022-27965
https://notcve.org/view.php?id=CVE-2022-27965
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. Xlpd versiones v7.0.0094 y anteriores, contiene una vulnerabilidad de secuestro binario que permite a atacantes ejecutar código arbitrario por medio de un archivo .exe diseñado • https://github.com/ycdxsb/Vuln/tree/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xlpd-CreateProcessW-Misuse-Binary-Hijack https://www.netsarang.com/en/xlpd-update-history • CWE-428: Unquoted Search Path or Element •
CVE-2012-1009 – NetSarang Xlpd Printer Daemon 4 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-1009
NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request. NetSarang Xlpd v4 Build 0100 y NetSarang Xmanager Enterprise c4 Build 0186, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición LPD mal formada. • https://www.exploit-db.com/exploits/18454 http://secpod.org/advisories/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS_Vuln.txt http://secpod.org/blog/?p=457 http://www.exploit-db.com/exploits/18454 http://www.securityfocus.com/bid/51821 https://exchange.xforce.ibmcloud.com/vulnerabilities/72933 •
CVE-2006-0148
https://notcve.org/view.php?id=CVE-2006-0148
NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. • http://securitytracker.com/id?1015444 http://www.ipomonis.com/advisories/xlpd.txt http://www.securityfocus.com/bid/16164 https://exchange.xforce.ibmcloud.com/vulnerabilities/24041 •