
3863 matches found

The Coalfire Blog
added 2020/04/02 6:51 p.m. | 14 views

With IoT, common devices pose new threats

For Instance… Hackers Setting Your 3D Printer on Fire
The world is careening toward the reality that almost all electronics in your home and business are connected to the internet. Many of these devices contain things like heating elements, batteries, and motors that are entirely...

AI score: 7
Exploits: 0

RedHat Linux
added 2020/03/31 8:15 p.m. | 2 views

imagemagick: memory leak vulnerability in function ReadPCLImage in coders/pcl.c

It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the ReadPCLImage function. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. An...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.02381
Exploits: 1 | References: 4

0day.today
added 2020/03/20 12:0 a.m. | 152 views

Oce Colorwave 500 CSRF / XSS / Authentication Bypass Vulnerabilities

Exploit for jsp platform in category web applications
Exploit Title: Océ Colorwave 500 printer: Multiple vulnerabilities
Exploit Author: Giuseppe Calì, Marco Ortisi
Authors blog: https://www.redtimmy.com
Vendor Homepage: https://www.canon.com
Software Link:...

AI score: 0.4 | EPSS: 0.03463
Exploits: 6

CVE
added 2020/03/19 10:29 p.m. | 83 views

CVE-2020-10669

The Canon Oce Colorwave 500 printer web interface (version 4.0.0.0) is affected by CVE-2020-10669 due to an authentication bypass on /home.jsp. An unauthenticated attacker who can reach the device’s web UI can obtain copies of documents uploaded by users. The issue is confirmed in multiple source...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.03463
Exploits: 2 | References: 3 | Affected Software: 1

NVD
added 2020/03/19 7:15 p.m. | 11 views

CVE-2020-10671

The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00703
Exploits: 2 | References: 2

Cvelist
added 2020/03/19 6:11 p.m. | 16 views

CVE-2020-10671

The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version...

AI score: 8.6 | EPSS: 0.00703
Exploits: 2 | References: 2

CVE
added 2020/03/19 6:11 p.m. | 68 views

CVE-2020-10671

The CVE-2020-10671 entry concerns the Canon Oce Colorwave 500 printer (version 4.0.0.0). The web management interface is missing CSRF protections, enabling a logged-in administrator to be targeted by an attacker to perform administrative actions. The issue is described as system-wide and is noted...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00703
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2020/03/19 6:10 p.m. | 59 views

CVE-2020-10670

The Canon Oce Colorwave 500 web application (version 4.0.0.0) is affected by CVE-2020-10670: a Reflected XSS in the settingId parameter of the settingDialogContent.jsp page. Root cause: lack of proper input validation/escaping on user-supplied data reflected in the response. Impact: potential cl...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00856
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2020/03/19 6:9 p.m. | 59 views

CVE-2020-10668

The Canon Océ Colorwave 500 printer web app (version 4.0.0.0) is vulnerable to Reflected XSS in /home.jsp via the openSI parameter. Per CVE-2020-10668, the root cause is that input from a user-controlled parameter is not properly sanitized. The issue is fixed in the latest version. If upgrading is possib...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.01417
Exploits: 2 | References: 3 | Affected Software: 1

CVE
added 2020/03/19 6:7 p.m. | 77 views

CVE-2020-10667

Canon Oce Colorwave 500 printer web application (version 4.0.0.0) is affected by a Stored XSS in /TemplateManager/indexExternalLocation.jsp via the map(template_name) parameter. The root cause is insufficient input validation in the web interface, allowing injection of arbitrary client-side scrip...

CVSS: 6.1 | AI score: 6 | EPSS: 0.01714
Exploits: 2 | References: 3 | Affected Software: 1

CNVD
added 2020/03/19 12:0 a.m. | 2 views

Multiple Lexmark Product Information Disclosure Vulnerabilities (CNVD-2020-41824)

Lexmark X, etc. are all products of Lexmark Corporation, U.S.A. The Lexmark X is an X-series printer. The Lexmark W is a W-series printer. The Lexmark T is a T-series printer. An information disclosure vulnerability exists in a number of Lexmark products, which can be exploited to obtain sensitive...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.01103
Exploits: 0 | References: 1

CNVD
added 2020/03/17 12:0 a.m. | 2 views

RICOH SP C250DN Logic Flaw Vulnerability

The RICOH SP C250DN is a printer from the Japanese company Ricoh. A security vulnerability exists in the Ricoh SP C250DN version 1.05, which stems from the device not implementing account locking. The vulnerability can be exploited to obtain local account credentials via brute force...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.01408
Exploits: 0 | References: 1

CNVD
added 2020/03/17 12:0 a.m. | 2 views

RICOH SP C250DN Denial of Service Vulnerability

The RICOH SP C250DN is a printer from the Japanese company Ricoh. A security vulnerability exists in the Ricoh SP C250DN version 1.05, which stems from the program failing to properly implement the LPD service. An attacker could exploit the vulnerability to cause a denial of service...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01254
Exploits: 0 | References: 1

CNVD
added 2020/03/17 12:0 a.m. | 3 views

VMware Workstation Virtual Printer Elevation of Privilege Vulnerability

VMware Workstation is a desktop virtual computing software from VMware. A security vulnerability exists in the Virtual Printer module in VMware Workstation that stems from the program not validating a shared file submitted by a user before loading the path. An attacker could exploit the...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00282
Exploits: 0 | References: 1

CNVD
added 2020/03/17 12:0 a.m. | 4 views

Brother Industries HL-L8360CDW Information Disclosure Vulnerability

The Brother Industries HL-L8360CDW is a multifunction printer from Brother Industries of Japan. An information disclosure vulnerability exists in the Brother Industries HL-L8360CDW v1.20, which arises from a configuration or other error in the operation of a networked system or product, and can b...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.01713
Exploits: 1 | References: 1

OSV
added 2020/03/16 8:15 p.m. | 2 views

CVE-2019-18917

A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.01475
Exploits: 0 | References: 1

OSV
added 2020/03/13 7:15 p.m. | 1 views

CVE-2019-13201

Some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device...

CVSS: 9.8 | AI score: 7.9
Exploits: 0 | References: 1

NVD
added 2020/03/13 7:15 p.m. | 13 views

CVE-2019-13195

The web application of some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.03465
Exploits: 0 | References: 1

NVD
added 2020/03/13 7:15 p.m. | 13 views

CVE-2019-13197

Some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code...

CVSS: 10 | AI score: 10 | EPSS: 0.02653
Exploits: 0 | References: 1

NVD
added 2020/03/13 7:15 p.m. | 9 views

CVE-2019-13171

Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handlin...

CVSS: 10 | AI score: 9.8 | EPSS: 0.02813
Exploits: 0 | References: 2