CVE-2006-6436

CVE-2006-6436 affects Xerox WorkCentre and WorkCentre Pro network controllers. The vulnerability enables cross-site scripting via HTTP TRACE messages in affected firmware: 12.050.03.000 and earlier, 13.x before 13.050.03.000, and 14.x before 14.050.03.000. Impact is remote injection of arbitrary ...

Xerox WorkCentre及WorkCentre Pro多个安全漏洞

Xerox WorkCentre是一款数码打印复印一体机。 Xerox WorkCentre的ESS/Network Controller和MicroServer Web Server代码中存在多个安全漏洞，具体如下： Web用户接口上的TCP/IP用户名存在命令注入漏洞； Web用户接口上的Scan-to-mailbox文件夹名称字段存在命令注入漏洞； Web用户接口上的Microsoft Networking配置参数存在命令注入漏洞； 浏览器权限可能允许非授权访问； TFTP/BOOTP自动配置选项可能允许非授权的配置设置； 可使用HTTP而不是HTTPS发布Web服务请求；...

Code injection

Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack...

CVE-2006-1139

Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack...

[SA19146] Xerox CopyCentre / WorkCentre Pro Multiple Denial of Service Vulnerabilities

TITLE: Xerox CopyCentre / WorkCentre Pro Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA19146 VERIFY ADVISORY: http://secunia.com/advisories/19146/ CRITICAL: Moderately critical IMPACT: Unknown, DoS WHERE: From remote OPERATING SYSTEM: Xerox CopyCentre...

Cross site scripting

Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...

CVE-2006-0825

Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors...

Design/Logic Flaw

Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to "reduce effectiveness of security features" via unknown attack vectors...

CVE-2006-0828

Technical details about CVE-2006-0828 are not publicly provided in the supplied documents; available descriptions note an unspecified vulnerability affecting Xerox WorkCentre devices. Monitor for updates.

CVE-2006-0827

The CVE-2006-0827 entry relates to a cross-site scripting vulnerability in the ESS/Network Controller and MicroServer Web Server of Xerox WorkCentre Pro and Xerox WorkCentre devices running software 13.027.24.015 and 14.027.24.015. The vulnerability is exploitable remotely over the network due to...

CVE-2006-0825

The CVE-2006-0825 entry concerns Xerox WorkCentre devices (Pro and WorkCentre lines) running software 13.027.24.015 and 14.027.24.015, where the ESS/Network Controller and MicroServer Web Server contain multiple vulnerabilities that allow remote attackers to bypass authentication or gain unauthor...

[SA18952] Xerox ESS/ Network Controller and MicroServer Vulnerabilities

TITLE: Xerox ESS/ Network Controller and MicroServer Vulnerabilities SECUNIA ADVISORY ID: SA18952 VERIFY ADVISORY: http://secunia.com/advisories/18952/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, DoS WHERE: From remote OPERATING SYSTEM: Xerox WorkCentre Pro...