Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Lexmark MarkVision Enterprise Arbitrary File Upload', 'Description' = %q This module exploits a code execution flaw in Lexmark...
Lexmark MarkVision Enterprise GfdFileUploadServlet Directory Traversal (CVE-2014-8741)
A directory traversal vulnerability exists in Lexmark MarkVision Enterprise. The vulnerability is due to an input validation issue when processing user supplied data used for writing files to the system by the GfdFileUploadServlet servlet. A remote unauthenticated attacker could exploit this...
Lexmark MarkVision Enterprise Arbitrary File Upload
This module exploits a code execution flaw in Lexmark MarkVision Enterprise before version 2.1. A directory traversal vulnerability in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This module has been tested...
Lexmark MarkVision Enterprise < 2.1 Multiple Vulnerabilities
The version of Lexmark MarkVision Enterprise installed on the remote host is prior to 2.1.0. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability due to improper handling of user input to the 'GfdFileUploadServlet' servlet. CVE-2014-8741 - An...
Lexmark MarkVision Enterprise GfdFileUploadServlet Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GfdFileUploadServlet class. The class contains a method that does no...
Lexmark MarkVision Enterprise ReportDownloadServlet Information Disclosure Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lexmark MarkVision Enterprise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReportDownloadServlet class. The class contains a method that does n...
Lexmark Markvision Enterprise Remote Command Execution
The version of Lexmark Markvision installed on the remote host is earlier than 1.8.0 and gets installed with a Groovy Shell intended for diagnostic purposes that binds to TCP port 9789. This could allow for commands to be executed by an unauthenticated, remote attacker. Note that this plugin does...
Groovy Shell Unauthenticated Remote Command Execution
The remote host has an unprotected Groovy Shell bound to a TCP port that is listening and allows for commands to be executed by an unauthenticated, remote attacker. This shell is known to be included with Lexmark Markvision. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...
Lexmark Markvision Enterprise Detection
Lexmark Markvision Enterprise, a web-based printer and multi-function device management system, was detected on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) script_id(66326); script_version("1.3"); script_cvs_date("Date: 2019/11/25"); script_name(english:"Lexmark...
Lexmark Markvision Enterprise Default Credentials
The remote Lexmark Markvision Enterprise install, a web-based printer and multi-function device management system, is protected with a set of known default credentials that allow admin level access to the application. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...
CVE-2013-3055
Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors...
Design/Logic Flaw
Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors...
CVE-2013-3055
CVE-2013-3055 affects Lexmark Markvision Enterprise (before version 1.8). A diagnostic interface bound to TCP port 9789 can be accessed remotely to execute arbitrary code, change configuration, or obtain sensitive fleet-management data via unspecified vectors. Nessus plugins corroborate an unauth...
CVE-2001-0044
The CVE-2001-0044 entry concerns Lexmark MarkVision printer driver components; specifically, multiple buffer overflows in cat_network, cat_paraller, and cat_serial allow local users to gain privileges via long command arguments. The root cause is a buffer overflow in argument handling within thes...
SRADV00007.txt
================================================= Secure Reality Pty Ltd. Security Advisory 7 SRADV00007 http://www.securereality.com.au ================================================= Title Local root compromise through Lexmark MarkVision printer drivers Released 6/11/2000 Vulnerable Versions...
Holes in MarkVision
Several utilities contain buffer overflows...
(SRADV00007) Local root compromise through Lexmark MarkVision printer drivers
================================================= Secure Reality Pty Ltd. Security Advisory 7 SRADV00007 http://www.securereality.com.au ================================================= Title Local root compromise through Lexmark MarkVision printer drivers Released 6/11/2000 Vulnerable Versions...