282 matches found
CVE-2024-1223 Improper authorization controls in PaperCut NG/MF
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...
CVE-2024-1223 Improper authorization controls in PaperCut NG/MF
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...
CVE-2024-1222
CVE-2024-1222 affects PaperCut NG/MF: a vulnerability in a subset of API calls that allows an attacker to gain elevated API authorization levels via a maliciously formed API request. Connected sources consistently describe an elevation-of-privilege issue within PaperCut NG/MF APIs and note the af...
CVE-2024-1222 Incorrect authorization controls in PaperCut NG/MF APIs
This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls...
CVE-2024-1221 Improper access controls on APIs on Linux and macOS in PaperCut NG/MF
This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF...
CVE-2024-1221 Improper access controls on APIs on Linux and macOS in PaperCut NG/MF
This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF...
CVE-2024-1221
CVE-2024-1221 affects PaperCut NG/MF on Linux and macOS. It describes improper access controls on the PaperCut API that can allow an attacker to cause related files on the server to be exposed via a crafted payload to an impacted API endpoint. The attacker is said to require some reconnaissance t...
PT-2024-18390 · Papercut · Papercut Ng/Mf
Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF affected versions not specified Description: This is a reflected cross-site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a...
PaperCut NG Security Vulnerability
PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that stems from the presence of a server-side request forgery SSRF vulnerability that allows an attacker to trick a server-side application into making HTT...
PaperCut NG Security Vulnerability
PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that stems from the presence of a reflected cross-site scripting vulnerability that could allow an attacker to cause a limited loss of confidentiality,...
UBUNTU-CVE-2021-47090
In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: clear MFCOUNTINCREASED before retrying getanypage Hulk Robot reported a panic in putpagetestzero when testing madvise with MADVSOFTOFFLINE. The BUG is triggered when retrying getanypage. This is because we keep...
CVE-2023-50842
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1...
CVE-2023-50842
CVE-2023-50842 : In MF Gig Calendar (WordPress plugin), an SQL Injection vulnerability arises from improper neutralization of special elements in SQL commands. Affected versions are MF Gig Calendar: from n/a through 1.2.1. The CVSS v3.1 base score is 8.8 (HIGH) with network attack vector, low com...
PT-2023-31674 · Unknown · Mf Gig Calendar
Name of the Vulnerable Software and Affected Versions: MF Gig Calendar versions 1.2.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting...
WordPress MF Gig Calendar Plugin <= 1.2.1 is vulnerable to SQL Injection
Software MF Gig Calendar Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50842 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 54f1b98a01c0 Credits Khalid Yusuf Required privilege Contributor...
mf-music.com Improper Access Control vulnerability OBB-3805507
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mf-billet.com Improper Access Control vulnerability OBB-3805502
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MAL-2023-8668 Malicious code in @saas-mf/ccm (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4491a282ac34d4b4d1727c2376452a4566fb2a48fc548c5a86ef03a62902d9d0 The OpenSSF Package Analysis project identified '@saas-mf/ccm' @ 25.0.9 npm as malicious. It is considered malicious because: - The package...
PaperCut MF and PaperCut NG Security Vulnerabilities
PaperCut MF and PaperCut NG are both products of PaperCut Australia.PaperCut MF is a multifunctional printer control software.PaperCut NG is a next-generation printer control software.PaperCut MF is a multifunctional printer control software.PaperCut NG is a next-generation printer control...