
10 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-33991

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00028 EPSS
Exploits: 1 | References: 2
NVD
added 2023/09/20 4:15 p.m. | 19 views

CVE-2023-2508

The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...

6.5 CVSS | 5.5 AI score | 0.00028 EPSS
Exploits: 1 | References: 2
Prion
added 2023/09/20 4:15 p.m. | 12 views

Cross site request forgery (csrf)

The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...

4.3 CVSS | 6.4 AI score | 0.00028 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2023/09/20 3:5 p.m. | 24 views

CVE-2023-2508 CSRF in PaperCutNG Mobility Print leads to sophisticated phishing

The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...

5.3 CVSS | 6.7 AI score | 0.00028 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2023/09/20 3:5 p.m. | 23 views

CVE-2023-2508 CSRF in PaperCutNG Mobility Print leads to sophisticated phishing

The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...

5.3 CVSS | 6.9 AI score | 0.00028 EPSS
Exploits: 1 | References: 2
CVE
added 2023/09/20 3:5 p.m. | 41 views

CVE-2023-2508

PaperCutNG Mobility Print 1.0.3512 is affected by a CSRF vulnerability that allows an unauthenticated attacker to make an instance administrator configure the client host via the Configure printer discovery section. The root cause is lack of CSRF protections (no Anti-CSRF tokens, header origin va...

6.5 CVSS | 5.5 AI score | 0.00028 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2023/09/20 12:0 a.m. | 3 views

PT-2023-19919 · Papercut · Papercutng Mobility Print

Name of the Vulnerable Software and Affected Versions: PaperCutNG Mobility Print version 1.0.3512 Description: The PaperCutNG Mobility Print application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the client's host in the "configure printe...

6.5 CVSS | 6.4 AI score | 0.00028 EPSS
Exploits: 1 | References: 7
Rapid7 Blog
added 2023/06/09 10:2 p.m. | 62 views

Metasploit Weekly Wrap-Up

MOVEit It has been a busy few weeks in the security space; the MOVEit vulnerability filling our news feeds with dancing lemurs and a Barracuda vulnerability that has us all wondering how many shredders out there can handle a 1U appliance. Despite those very worthwhile distractions, Metasploit has...

7.5 CVSS | 8.1 AI score | 0.94257 EPSS
Exploits: 37
Metasploit
added 2023/06/07 7:50 p.m. | 296 views

PaperCut PaperCutNG Authentication Bypass

This module leverages an authentication bypass in PaperCut NG. If necessary it updates Papercut configuration options, specifically the 'print-and-device.script.enabled' and 'print.script.sandboxed' options to allow for arbitrary code execution running in the builtin RhinoJS engine. This module...

9.8 CVSS | 9.6 AI score | 0.94257 EPSS
Exploits: 24
0day.today
added 2023/06/07 12:0 a.m. | 298 views

PaperCut PaperCutNG Authentication Bypass Exploit

This Metasploit module leverages an authentication bypass in PaperCut NG. If necessary it updates Papercut configuration options, specifically the print-and-device.script.enabled and print.script.sandboxed options to allow for arbitrary code execution running in the builtin RhinoJS engine. This...

9.8 CVSS | 10 AI score | 0.94257 EPSS
Exploits: 24