97 matches found
Columbia Weather Systems Weather MicroServer Cross-Site Scripting Vulnerability
Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A cross-site scripting vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions, which arises from the program failing to properly validate...
Columbia Weather Systems Weather MicroServer Input Validation Vulnerability
Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. An input validation vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions. An attacker can exploit this vulnerability with specially crafted...
Columbia Weather Systems Weather MicroServer Cross-Site Scripting Vulnerability (CNVD-2019-07785)
Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A cross-site scripting vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions, which stems from the program failing to properly validate inpu...
Columbia Weather Systems Weather MicroServer Path Traversal Vulnerability
Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A path traversal vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and earlier versions. An attacker can use this vulnerability to read files in the...
Columbia Weather Systems Weather MicroServer Code Injection Vulnerability
Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A code injection vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions. A remote attacker can exploit this vulnerability to execute code...
Columbia Weather Systems MicroServer
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Columbia Weather Systems, Inc. Equipment: Weather MicroServer Vulnerabilities: Cross-site Scripting, Path Traversal, Improper Authentication, Improper Input Validation, Code Injection 2. RISK...
Xerox MicroServer Web Server Remote Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9256/info It has been reported that XeroxMicroServer/Xerox11 may be prone to a directory traversal vulnerability that may allow an attacker to traverse outside the server root directory by using '/..' or '/.' character...
Xerox WorkCentre及WorkCentre Pro多个安全漏洞
Xerox WorkCentre是一款数码打印复印一体机。 Xerox WorkCentre的ESS/Network Controller和MicroServer Web Server代码中存在多个安全漏洞,具体如下: Web用户接口上的TCP/IP用户名存在命令注入漏洞; Web用户接口上的Scan-to-mailbox文件夹名称字段存在命令注入漏洞; Web用户接口上的Microsoft Networking配置参数存在命令注入漏洞; 浏览器权限可能允许非授权访问; TFTP/BOOTP自动配置选项可能允许非授权的配置设置; 可使用HTTP而不是HTTPS发布Web服务请求;...
CVE-2006-0825
Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors...
Cross site scripting
Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...
Design/Logic Flaw
Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to "reduce effectiveness of security features" via unknown attack vectors...
CVE-2006-0828
Technical details about CVE-2006-0828 are not publicly provided in the supplied documents; available descriptions note an unspecified vulnerability affecting Xerox WorkCentre devices. Monitor for updates.
CVE-2006-0827
The CVE-2006-0827 entry relates to a cross-site scripting vulnerability in the ESS/Network Controller and MicroServer Web Server of Xerox WorkCentre Pro and Xerox WorkCentre devices running software 13.027.24.015 and 14.027.24.015. The vulnerability is exploitable remotely over the network due to...
CVE-2006-0825
The CVE-2006-0825 entry concerns Xerox WorkCentre devices (Pro and WorkCentre lines) running software 13.027.24.015 and 14.027.24.015, where the ESS/Network Controller and MicroServer Web Server contain multiple vulnerabilities that allow remote attackers to bypass authentication or gain unauthor...
[SA18952] Xerox ESS/ Network Controller and MicroServer Vulnerabilities
TITLE: Xerox ESS/ Network Controller and MicroServer Vulnerabilities SECUNIA ADVISORY ID: SA18952 VERIFY ADVISORY: http://secunia.com/advisories/18952/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, DoS WHERE: From remote OPERATING SYSTEM: Xerox WorkCentre Pro...
CVE-2005-2646
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests...
CVE-2005-2647
Cross-site scripting XSS vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors...
CVE-2005-2645
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication...
CVE-2005-2647
CVE-2005-2647 describes a cross-site scripting (XSS) flaw in the Xerox MicroServer Web Server used by Document Centre devices. The vulnerability affects Document Centre 220–265, 332, 340, 420–490, and 535–555, allowing remote attackers to inject arbitrary web script or HTML and modify web pages v...
CVE-2005-2646
CVE-2005-2646 refers to an unknown vulnerability in Xerox MicroServer Web Server within Xerox Document Centre models 220–265, 332, 340, 420–490, and 535–555. The issue reportedly allows remote attackers to cause a denial of service or to read files via crafted HTTP requests; the exact vectors, af...