3863 matches found
RICOH MP C4504ex Cross Site Request Forgery
Exploit Title: RICOH MP C4504ex Printer - Cross-Site Request Forgery Add Admin Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...
HP Jetdirect Path Traversal Arbitrary Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "rex/proto/pjl" class MetasploitModule 'HP Jetdirect Path Traversal Arbitrary Code Execution', 'Description' = %q The module exploits a path traversal via...
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "rex/proto/pjl" class MetasploitModule 'HP Jetdirect Path Traversal Arbitrary Code Execution', 'Description' = %q The module exploits a path traversal via...
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
Exploit Title: RICOH MP C4504ex Printer - Cross-Site Request Forgery Add Admin Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...
HP Jetdirect Path Traversal Arbitrary Code Execution
The module exploits a path traversal via Jetdirect to gain arbitrary code execution by writing a shell script that is loaded on startup to /etc/profile.d. Then, the printer is restarted using SNMP. Impacted printers: HP PageWide Managed MFP P57750dw HP PageWide Managed P55250dw HP PageWide Pro MF...
CVE-2018-15748
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.152335dn MFP 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of t...
CVE-2018-15748
CVE-2018-15748 affects Dell 2335dn printers. The admin interface (Email Settings) may leak the SMTP/LDAP password to an authenticated attacker by viewing HTML source, with authentication possibly achievable via a blank default admin password. Affected versions include Printer Firmware 2.70.05.02,...
[SECURITY] Fedora 28 Update: lulzbot-marlin-firmware-1.1.8.62-1.fc28
Marlin firmware files for the Lulzbot family of 3D printers...
A vulnerability in the firmware of HP PageWide, DesignJet, AMP, Deskjet, Envy, Ink Tank, Officejet, Photosmart, and Smart Tank printers stems from an operation that goes beyond the bounds of a memory buffer, allowing attackers to execute arbitrary code.
The firmware vulnerability in HP PageWide, DesignJet, AMP, Deskjet, Envy, Ink Tank, Officejet, Photosmart, and Smart Tank devices stems from operations that go beyond the bounds of a memory buffer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code ...
Podcast: Bugcrowd Founder on Printer Bugs, IoT Bounty Hunting, and New VDP Project
Bugcrowd has had a busy summer. Recently, the bug-bounty company partnered with HP to launch the first-ever bug bounty program for printers, with rewards of up to $10,000 for discovered vulnerabilities. Bugcrowd also recently announced Disclose.io, an open-sourced project to standardize best...
Hackers can compromise your network just by sending a Fax
What is the most a remote attacker can do with just your fax machine number? Believe it or not, your fax number is literally enough for a hacker to gain complete control over the printer and possibly infiltrate the rest of the network connected to it. Check Point researchers have revealed...
Command Execution Vulnerability in HP Color LaserJet Pro M252 Series
The HP Color LaserJet Pro M252 is a color laser printer manufactured by HP Trading Shanghai Co. A command execution vulnerability exists in the HP Color LaserJet Pro M252 series, which can be exploited by an attacker to execute remote commands...
Command Execution Vulnerability in HP LaserJet 5200 Series Printers
The HP LaserJet 5200 series is a printer from HP China. A command execution vulnerability exists in the HP LaserJet 5200 series printers, which can be exploited by an attacker to execute commands through port 9100...
Multiple Cross-Site Scripting Vulnerabilities in Samsung Syncthru Web Service
Samsung Syncthru Web Service is a web-based synchronization service for printers from Samsung South Korea. Multiple cross-site scripting vulnerabilities exist in Samsung Syncthru Web Service version 4.05.61. A remote attacker can exploit the vulnerabilities to inject arbitrary web script or HTML...
HP Bug Bounty Program: Hack HP Printers & Earn Up To $10,000
By Uzair Amir. HP Discloses its Bug Bounty Program and Here’s What You Need To Know. The Palo Alto, Calif.-based HP Inc. has disclosed what it terms the industry’s first-ever bug bounty program, which has been launched to inspect printer security-related issues. The print security bug bounty...
Command Execution Vulnerability in HP LaserJet Professional P1600 Series Printers
HP LaserJet Professional P1600 is a printer series developed by Hewlett-Packard. A command execution vulnerability exists in the HP LaserJet Professional P1600 series of printers. An attacker could exploit the vulnerability to execute commands and gain server privileges...
HP Offers Up to $10,000 Rewards for Printer Bugs
HP launched a bug bounty program for printers Tuesday, with a max payout of $10,000 a vulnerability. The company, which has partnered with Bugcrowd to offer between $500 and $10,000 for bug discoveries, said that it marks the first-ever bug bounty program for printers. “HP has offered a way for...
Command Execution Vulnerability in Lenovo M7650DNF Printer
The Lenovo M7650DNF is a black and white laser MFP targeted at individual users, SOHO offices and small and medium-sized businesses with copy/scan/fax needs. A command execution vulnerability exists in the Lenovo M7650DNF printer, which can be exploited by an attacker to remotely execute commands...
A vulnerability in the firmware of Canon printers stems from deficiencies in authentication procedures, allowing attackers to gain access to the device’s web interface with administrator privileges.
The vulnerability in Canon printer firmware is related to deficiencies in the authentication process when using standard device settings. Exploiting this vulnerability can allow a malicious actor to gain access to the device’s web interface with administrator privileges...