Lucene search
+L

282 matches found

Vulnrichment
Vulnrichment
added 2024/03/14 3:4 a.m.31 views

CVE-2024-1223 Improper authorization controls in PaperCut NG/MF

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...

4.8CVSS4.8AI score0.00445EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/14 3:4 a.m.38 views

CVE-2024-1223 Improper authorization controls in PaperCut NG/MF

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...

4.8CVSS5.2AI score0.00445EPSS
Exploits0References1
CVE
CVE
added 2024/03/14 3:3 a.m.105 views

CVE-2024-1222

CVE-2024-1222 affects PaperCut NG/MF: a vulnerability in a subset of API calls that allows an attacker to gain elevated API authorization levels via a maliciously formed API request. Connected sources consistently describe an elevation-of-privilege issue within PaperCut NG/MF APIs and note the af...

9.8CVSS8.5AI score0.63984EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2024/03/14 3:3 a.m.74 views

CVE-2024-1222 Incorrect authorization controls in PaperCut NG/MF APIs

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls...

8.6CVSS8.7AI score0.63984EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/14 3:1 a.m.12 views

CVE-2024-1221 Improper access controls on APIs on Linux and macOS in PaperCut NG/MF

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF...

3.1CVSS3.7AI score0.00546EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/14 3:1 a.m.23 views

CVE-2024-1221 Improper access controls on APIs on Linux and macOS in PaperCut NG/MF

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF...

3.1CVSS4.3AI score0.00546EPSS
Exploits0References1
CVE
CVE
added 2024/03/14 3:1 a.m.96 views

CVE-2024-1221

CVE-2024-1221 affects PaperCut NG/MF on Linux and macOS. It describes improper access controls on the PaperCut API that can allow an attacker to cause related files on the server to be exposed via a crafted payload to an impacted API endpoint. The attacker is said to require some reconnaissance t...

3.1CVSS4.1AI score0.00546EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2024/03/14 12:0 a.m.7 views

PT-2024-18390 · Papercut · Papercut Ng/Mf

Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF affected versions not specified Description: This is a reflected cross-site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a...

6.3CVSS6.2AI score0.61472EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/03/14 12:0 a.m.5 views

PaperCut NG Security Vulnerability

PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that stems from the presence of a server-side request forgery SSRF vulnerability that allows an attacker to trick a server-side application into making HTT...

6.5CVSS6.9AI score0.37934EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/14 12:0 a.m.5 views

PaperCut NG Security Vulnerability

PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that stems from the presence of a reflected cross-site scripting vulnerability that could allow an attacker to cause a limited loss of confidentiality,...

6.3CVSS6AI score0.61472EPSS
Exploits0References2
OSV
OSV
added 2024/03/04 6:15 p.m.2 views

UBUNTU-CVE-2021-47090

In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: clear MFCOUNTINCREASED before retrying getanypage Hulk Robot reported a panic in putpagetestzero when testing madvise with MADVSOFTOFFLINE. The BUG is triggered when retrying getanypage. This is because we keep...

5.5CVSS5.9AI score0.00353EPSS
Exploits1References6
OSV
OSV
added 2023/12/28 7:15 p.m.2 views

CVE-2023-50842

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1...

8.8CVSS7.3AI score0.00481EPSS
Exploits0References1
Prion
Prion
added 2023/12/28 7:15 p.m.16 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1...

6.5CVSS7.9AI score0.00481EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/28 6:32 p.m.51 views

CVE-2023-50842

CVE-2023-50842 : In MF Gig Calendar (WordPress plugin), an SQL Injection vulnerability arises from improper neutralization of special elements in SQL commands. Affected versions are MF Gig Calendar: from n/a through 1.2.1. The CVSS v3.1 base score is 8.8 (HIGH) with network attack vector, low com...

8.8CVSS8.8AI score0.00481EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/28 12:0 a.m.6 views

PT-2023-31674 · Unknown · Mf Gig Calendar

Name of the Vulnerable Software and Affected Versions: MF Gig Calendar versions 1.2.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting...

8.8CVSS9AI score0.00481EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/12/21 12:0 a.m.8 views

WordPress MF Gig Calendar Plugin <= 1.2.1 is vulnerable to SQL Injection

Software MF Gig Calendar Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50842 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 54f1b98a01c0 Credits Khalid Yusuf Required privilege Contributor...

8.8CVSS6.8AI score0.00481EPSS
Exploits0References1Affected Software1
Openbugbounty
Openbugbounty
added 2023/12/07 5:6 p.m.5 views

mf-music.com Improper Access Control vulnerability OBB-3805507

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/12/07 5:4 p.m.7 views

mf-billet.com Improper Access Control vulnerability OBB-3805502

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
OSV
OSV
added 2023/12/06 4:44 p.m.10 views

MAL-2023-8668 Malicious code in @saas-mf/ccm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4491a282ac34d4b4d1727c2376452a4566fb2a48fc548c5a86ef03a62902d9d0 The OpenSSF Package Analysis project identified '@saas-mf/ccm' @ 25.0.9 npm as malicious. It is considered malicious because: - The package...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.5 views

PaperCut MF and PaperCut NG Security Vulnerabilities

PaperCut MF and PaperCut NG are both products of PaperCut Australia.PaperCut MF is a multifunctional printer control software.PaperCut NG is a next-generation printer control software.PaperCut MF is a multifunctional printer control software.PaperCut NG is a next-generation printer control...

7.8CVSS6.4AI score0.0036EPSS
Exploits0References3
Rows per page
Query Builder