34 matches found
CVE-2022-50932
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg...
CVE-2022-50932
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg...
CVE-2022-50932 Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated)
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg...
CVE-2022-50932 Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated)
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg...
CVE-2022-50932
CVE-2022-50932 affects Kyocera Command Center RX ECOSYS M2035dn. A directory traversal flaw on the /js/ path allows unauthenticated attackers to read sensitive files (e.g., /etc/passwd, /etc/shadow) by crafting traversal strings (including null-byte variants). Reported exploitation exists (e.g., ...
CVE-2019-13198
The web application of several Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions...
CVE-2022-41830
Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci,...
CVE-2022-41798
Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci,...
Code injection
Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci,...
多款Kyocera产品跨站脚本漏洞
The Kyocera ECOSYS Series and Kyocera FS Series are both a series of printers from Kyocera Japan. A security vulnerability exists in the Kyocera MFP 4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN versions, which can be exploited by an attacker to inject arbitrary scripts...
多款Kyocera产品安全漏洞
The Kyocera ECOSYS Series and Kyocera FS Series are both a series of printers from Kyocera, Japan. A security vulnerability exists in the Kyocera MFP 4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN versions, which stems from the presence of session information in the printers...
CVE-2022-41807
Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci,...
Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated)
Exploit Title: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-10 Vendor Homepage: https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html Tested Version:...
Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure Vulnerability
Exploit Title: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure Unauthenticated Author: Luis Martinez Vendor Homepage: https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html Tested Version: ECOSYS M2035dn Tested on: Linu...
Kyocera Command Center RX ECOSYS M2035dn Directory Traversal
Exploit Title: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-10 Vendor Homepage: https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html Tested Version:...
Weak password vulnerability in KYOCERA ECOSYS M5520cdn
The ECOSYS M5520cdn is an all-in-one printer. A weak password vulnerability exists in the KYOCERA ECOSYS M5520cdn, which can be exploited by an attacker to obtain sensitive information...
CVE-2020-25890
The web application of Kyocera printer ECOSYS M2640IDW is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the...
CVE-2020-25890
CVE-2020-25890 affects the Kyocera ECOSYS M2640IDW web application. The vulnerability is a Stored XSS flaw discovered when adding a new contact in the "Machine Address Book." Successful exploitation can lead to administrator session hijacking or execution of unwanted actions within the web app. T...
Kyocera ECOSYS M2640IDW Cross-Site Scripting Vulnerability
The Kyocera ECOSYS M2640IDW is a multifunction printer from Kyocera, Japan. A cross-site scripting vulnerability exists in Kyocera printer ECOSYS M2640IDW, which was discovered when adding a contact to Machine Address Book. Successful exploitation of this vulnerability could result in the hijacki...
Kyocera ECOSYS M5526cdw Cross-Site Scripting Vulnerability (CNVD-2020-20976)
The Kyocera ECOSYS M5526CDW is a multifunction printer from Kyocera Japan. A cross-site scripting vulnerability in the Web application in the Kyocera ECOSYS M5526CDW version 2R72000.001.701, which stems from a lack of proper validation of client-side data in the WEB application, can be exploited ...