The vulnerability of the Wizard component in the microprogramming software of the RICOH MP multifunctional device allows a hacker to inject any code into the protected web page.

The vulnerability of the Wizard component file /web/entry/en/address/adrsSetUserWizard.cgi of the RICOH MP multifunctional device exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into...

The vulnerability of the Wizard component in the microprogramming software of the RICOH MP multifunctional device allows a hacker to inject any code into the protected web page.

The vulnerability of the Wizard component file /web/entry/en/address/adrsSetUserWizard.cgi of the RICOH MP multifunctional device exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into...

VulnCheck KEV: CVE-2018-7522

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states...

ITV: New rules to prevent children’s ‘smart’ toys from being hacked

In the run up to Christmas we were asked by ITV's Chris Choi to demonstrate some of the security fails we see in kids toys all the time. We showed him our research on My Friend Cayla, and Tekstra Toucan amongst others, and made the point that while manufacturers need standards and codes of practi...

RICOH MP C1803 JPN Printer - Cross-Site Scripting

Exploit Title: RICOH MP C1803 JPN Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link : https://www.ricoh.co.jp/mfp/mpc/1803/ Software : RICOH Printer Product Version: MP C1803 JPN Vulernability Type : Code Injectio...

Ricoh MP C2003 Cross-Site Scripting Vulnerability

The Ricoh MP C2003 is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address addition area of the Ricoh MP C2003. A remote attacker can exploit this vulnerability by sending the 'entryNameIn' parameter to the...

RICOH MP C307 Cross-Site Scripting Vulnerability

The RICOH MP C307 is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address addition area of the RICOH MP C307. A remote attacker can exploit this vulnerability by sending the 'entryNameIn' parameter to the...

RICOH MP C6003 Cross-Site Scripting Vulnerability

The RICOH MP C6003 is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address addition area of the RICOH MP C6003. A remote attacker can exploit this vulnerability by sending the 'entryNameIn' parameter to the...

RICOH Aficio MP 301 Cross-Site Scripting Vulnerability

The RICOH Aficio MP 301 is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address add area in the RICOH Aficio MP 301. A remote attacker can exploit this vulnerability by sending the 'entryNameIn' parameter to the...

RICOH Aficio MP 305+ Cross-Site Scripting Vulnerability

The RICOH Aficio MP 305+ is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address add area in the RICOH Aficio MP 305+. A remote attacker can exploit this vulnerability by sending the 'entryNameIn' parameter to the...

RICOH MP C406Z Cross-Site Scripting Vulnerability

The RICOH MP C406Z is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address add area in the RICOH MP C406Z. A remote attacker can exploit this vulnerability by sending the 'entryNameIn' parameter to the...

CVE-2018-17316

On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

CVE-2018-17315

On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

CVE-2018-17311

On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

CVE-2018-17313

On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

CVE-2018-17314

On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

CVE-2018-17312

On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

Cross site scripting

On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

Cross site scripting

On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

Cross site scripting

On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...