23 matches found
EUVD-2022-30020
Malicious code in bioql PyPI...
CVE-2022-25342
An issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. By not verifying permissions for access to resources, i...
Kyocera d-COLOR MF3555 Cross-Site Scripting Vulnerability
Kyocera d-COLOR MF3555 is a color multifunction printer from Kyocera Japan.A cross-site scripting vulnerability exists in the Kyocera d-COLOR MF3555 2XDS000.002.271 device, which stems from a web application not properly checking parameters before saving them to the server, and can be exploited b...
Kyocera d-COLOR MF3555 Access Control Error Vulnerability
Kyocera d-COLOR MF3555 is a color multifunction printer from Kyocera Japan.An access control error vulnerability exists in firmware version 2XDS000.002.271 of Kyocera d-COLOR MF3555, which stems from a web application that does not properly validate requests to access data and functions under the...
Kyocera d-COLOR MF3555 Denial of Service Vulnerability
Kyocera d-COLOR MF3555 is a color multifunction printer from Kyocera Japan.A denial of service vulnerability exists in the firmware version Kyocera d-COLOR MF3555 2XDS000.002.271, which stems from a failure to properly handle incoming error messages and can be exploited by an authenticated attack...
CVE-2022-25343
An issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the...
CVE-2022-25344
An XSS issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is the...
CVE-2022-25343
An issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the...
CVE-2022-25342
An issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. By not verifying permissions for access to resources, i...
CVE-2022-25344
An XSS issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is the...
CVE-2022-25342
An issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. By not verifying permissions for access to resources, i...
CVE-2022-25344
An XSS issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is the...
Design/Logic Flaw
An issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the...
Cross site scripting
An XSS issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is the...
Improper access control
An issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. By not verifying permissions for access to resources, i...
CVE-2022-25344
The CVE-2022-25344 entry describes a reflected XSS in the web interface of the Kyocera/Olivetti d-COLOR MF3555 device (2XD_S000.002.271). The vulnerability stems from improper validation of POST parameters sent to /dvcset/sysset/set.cgi via the arg01.Hostname field, which are saved on the server ...
CVE-2022-25344
An XSS issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is the...
CVE-2022-25343
The CVE-2022-25343 entry concerns Kyocera d-COLOR MF3555 (firmware 2XD_S000.002.271). The vulnerability is a Denial of Service in the Web Application, exploitable by an unauthenticated attacker who can send POST requests to /download/set.cgi and manipulate the failhtmfile parameter, causing inter...
CVE-2022-25343
An issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the...
CVE-2022-25342
CVE-2022-25342 corresponds to a Kyocera d-COLOR MF3555 firmware issue (2XD_S000.002.271) where the web application fails to properly validate access to data and functions under the /mngset/authset path, enabling viewing of pages that should be restricted. The vulnerability is categorized as Broke...