Vulnerability fixed in Xerox products

A vulnerability has been fixed in Xerox Phaser, WorkCentre and VersaLink. The vulnerability allows a malicious person to execute arbitrary code under the user's privileges. Xerox did not release any substantive details about this vulnerability. No CVE attribute has been assigned to this...

CVE-2019-13169

Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device...

CVE-2019-13168

Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service DoS and potentially execute arbitrary code on the device...

CVE-2019-13167

Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions...

CVE-2019-13170

Some Xerox printers such as the Phaser 3320 V53.006.16.000 did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device...

CVE-2019-13167

Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions...

Buffer overflow

Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device...

CVE-2019-13171

Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handlin...

CVE-2019-13170

Some Xerox printers such as the Phaser 3320 V53.006.16.000 did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device...

CVE-2019-13167

Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions...

CVE-2019-13166

Some Xerox printers such as the Phaser 3320 V53.006.16.000 did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks...

Cross site scripting

Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions...

CVE-2019-13167

Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions...

CVE-2019-13172

CVE-2019-13172 concerns a buffer overflow vulnerability in the Authentication Cookie of the web application on some Xerox printers (e.g., Phaser 3320 with firmware 53.006.16.000). The underlying issue allows an attacker to execute arbitrary code on the device. Documents consistently describe the ...

Tektronix Phaser Network Printer 740/750/750DP/840/930 PhaserLink Webserver Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/806/info Certain versions of the Tektronix PhaserLink printer ship with a webserver designed to help facilitate configuration of the device. This service is essentially administrator level access as it can completely modi...

Tektronix Phaser 740/750/850/930 Network Printer Administration Interface Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2659/info A remote vulnerability exists in Tektronix Phaser network printers in the 7xx, 8xx, and 9xx series. An attacker with access to the printer's local network or, if no firewall is in place, any attacker can reach t...

Code injection

The Xerox Phaser 8400 allows remote attackers to cause a denial of service reboot via an empty UDP packet to port 1900...

CVE-2008-3571

The Xerox Phaser 8400 allows remote attackers to cause a denial of service reboot via an empty UDP packet to port 1900...

CVE-2008-3571

The Xerox Phaser 8400 allows remote attackers to cause a denial of service reboot via an empty UDP packet to port 1900...

CVE-2008-3571

CVE-2008-3571 affects the Xerox Phaser 8400. It enables a remote denial of service (reboot) via an empty UDP packet to port 1900. The NVD lists this as a network, low-ability to exploit, no authentication, with a high impact (availability complete) and a base score of 7.8 (CVSS v2.0). No further ...