EUVD-2016-7803

Malware in sbrugna...

CVE-2016-1487

CVE-2016-1487 affects Lexmark Markvision Enterprise prior to 2.3.0, where unsafe deserialization of untrusted Java objects in Apache Commons Collections via the RMI interface enables remote code execution. The root cause is deserialization of unauthenticated serialized objects, allowing an attack...

CVE-2016-6918

Lexmark Markvision Enterprise MVE before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files...

CVE-2016-6918

Summary: CVE-2016-6918 affects Lexmark Markvision Enterprise (MVE) prior to version 2.4.1, where a remote attacker can execute arbitrary commands by uploading files. The connected documents consistently describe this as a vulnerability in MVE before 2.4.1 with no explicit exploitation details inc...

Directory traversal

Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors...

Directory traversal

Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors...

CVE-2014-9375

Lexmark Markvision Enterprise’s LibraryFileUploadServlet is vulnerable to a directory-traversal in ZIP processing. A crafted ZIP can write arbitrary files and allow remote code execution. ZDI-15-046 reports that authentication is not required and an attacker could upload files to arbitrary locati...

Lexmark MarkVision Enterprise RCE Vulnerability

Lexmark MarkVision Enterprise is prone to a remote code execution RCE vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

Lexmark MarkVision Enterprise GfdFileUploadServerlet RCE Vulnerability

Nessus was able to exploit a directory traversal vulnerability in Lexmark MarkVision Enterprise, within the 'GfdFileUploadServerlet' servlet, to upload a file to the remote host. A remote attacker can utilize this vulnerability to both upload and execute arbitrary code with SYSTEM privileges...

Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Lexmark MarkVision Enterprise Arbitrary File Upload', 'Description' = %q This module exploits a code execution flaw in Lexmark...

Lexmark MarkVision Enterprise Arbitrary File Upload

This module exploits a code execution flaw in Lexmark MarkVision Enterprise before version 2.1. A directory traversal vulnerability in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This module has been tested...

CVE-2013-3055

CVE-2013-3055 affects Lexmark Markvision Enterprise (before version 1.8). A diagnostic interface bound to TCP port 9789 can be accessed remotely to execute arbitrary code, change configuration, or obtain sensitive fleet-management data via unspecified vectors. Nessus plugins corroborate an unauth...