Lexmark Printer Configuration Persistent XSS

The version of the remote Lexmark printer is potentially affected by a cross-site scripting vulnerability. An input validation error exists related to the 'General Settings' configuration page and the 'Location' and 'Contact Name' parameters that could allow persistent cross-site scripting attack...

CVE-2013-6032

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P15...

CVE-2013-6033

Multiple cross-site scripting XSS vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printer...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printer...

Default credentials

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P15...

CVE-2013-6033

Multiple cross-site scripting XSS vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printer...

CVE-2013-6032

CVE-2013-6032 affects Lexmark printers (models listed in the CVE description) and is triggered by a flaw in POSTing vac.255.GENPASSWORD to /cgi-bin/postpf/cgi-bin/dynamic/config/config.html, allowing removal of the Password Protect administrator password. The vulnerability enables remote attacker...

CVE-2013-6033

CVE-2013-6033 describes multiple stored cross-site scripting (XSS) vulnerabilities in Lexmark laser printers (models including W840 families and others) where remote authenticated users can inject arbitrary web script via the Embedded Web Server (EWS) or SNMP by setting the Location or Contact fi...

CVE-2013-6032

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P15...

Lexmark laser printers contain multiple vulnerabilities

Overview Certain Lexmark devices are vulnerable to unverified password changes and stored cross-site scripting attacks. Description CWE-620: Unverified Password Change - CVE-2013-6032Certain models of Lexmark laser printers and MarkNet devices are vulnerable to an attack which allows a remote...

Groovy Shell Unauthenticated Remote Command Execution

The remote host has an unprotected Groovy Shell bound to a TCP port that is listening and allows for commands to be executed by an unauthenticated, remote attacker. This shell is known to be included with Lexmark Markvision. C Tenable Network Security, Inc. include"compat.inc"; if description...

Lexmark Markvision Enterprise Remote Command Execution

The version of Lexmark Markvision installed on the remote host is earlier than 1.8.0 and gets installed with a Groovy Shell intended for diagnostic purposes that binds to TCP port 9789. This could allow for commands to be executed by an unauthenticated, remote attacker. Note that this plugin does...

Lexmark Markvision Enterprise Detection

Lexmark Markvision Enterprise, a web-based printer and multi-function device management system, was detected on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66326; scriptversion"1.3"; scriptcvsdate"Date: 2019/11/25"; scriptnameenglish:"Lexmark...

Lexmark Markvision Enterprise Default Credentials

The remote Lexmark Markvision Enterprise install, a web-based printer and multi-function device management system, is protected with a set of known default credentials that allow admin level access to the application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVE-2013-3055

Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors...

Design/Logic Flaw

Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors...

CVE-2013-3055

Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors...

CVE-2013-3055

CVE-2013-3055 affects Lexmark Markvision Enterprise (before version 1.8). A diagnostic interface bound to TCP port 9789 can be accessed remotely to execute arbitrary code, change configuration, or obtain sensitive fleet-management data via unspecified vectors. Nessus plugins corroborate an unauth...

Lexmark Printer Detection (HTTP)

This script performs HTTP based detection of Lexmark printer devices. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unprotected Lexmark Printer (HTTP)

The remote Lexmark Printer is not protected by a password and/or permissions for default users are too lose. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...