90 matches found
CVE-2020-10667
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is maptemplatename. NOTE: this is fixed in the latest version...
CVE-2021-39368
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...
CVE-2021-39367
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...
CVE-2021-39368
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...
Design/Logic Flaw
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...
Design/Logic Flaw
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...
CVE-2021-39368
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...
CVE-2021-39368
CVE-2021-39368 affects Canon Oce Print Exec Workgroup 1.3.2, where an XSS flaw exists in the lang parameter. The vulnerability targets the application’s web interface and allows script execution in a user’s browser. References in connected records corroborate the XSS claim; no explicit exploit de...
CVE-2021-39367
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...
CVE-2021-39367
CVE-2021-39367 affects Canon Oce Print Exec Workgroup 1.3.2 and concerns a vulnerability where the host header can be injected. This is documented across multiple sources (NVD and Red Hat entries). The vulnerability is described as a host header injection issue; no exploit details or affected ...
Canon Oce Print Exec Workgroup Security Vulnerability
Canon Oce Print Exec Workgroup is a software application from Canon Japan. It is a program that displays basic printer information. A security vulnerability exists in Canon Oce Print Exec Workgroup: version 1.3.2 allows host header injection. An attacker could...
Canon Oce Print Exec Workgroup Cross-Site Scripting Vulnerability
Canon Oce Print Exec Workgroup is a software application from Canon Japan. It is a program that displays basic printer information. A security vulnerability exists in Canon Oce Print Exec Workgroup version 1.3.2, which allows an attacker to conduct XSS attacks via the lang parameter...
CVE-2020-26508
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...
Code injection
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...
CVE-2020-26508
The CVE-2020-26508 entry concerns the WebTools component of Canon Oce ColorWave 3500 devices running version 5.1.1.0. The vulnerability enables an attacker to retrieve stored SMB credentials through the export feature, bypassing UI restrictions that are supposed to keep these credentials inaccess...
EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2020-2219)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch...
Canon Oce Colorwave Printer Cross Site Scripting (CVE-2020-10667)
A cross-site scripting vulnerability exists in Canon Oce Colorwave printer. Successful exploitation of this vulnerability could allow a remote attacker to inject an arbitrary web script into the affected system...
CVE-2019-15876
In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver-specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges, allowing unprivileged user...
Command injection
In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver-specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges, allowing unprivileged user...
Canon Oce Colorwave 500 CSRF Vulnerability
The Canon Oce Colorwave 500 is a printer from Canon Japan. A security vulnerability exists in the web application in Canon Oce Colorwave 500 version 4.0.0.0, which stems from the program not having any form of cross-site request forgery protection. An attacker could exploit the vulnerability to...