3863 matches found
[security bulletin] HPSBHF03279 rev.1 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04583185 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04583185 Version: 1 HPSBHF03279 rev....
Hewlett-Packard POS Printer Windows And OPOS Drivers OPOSMICR.ocx Open Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Printer Windows and OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...
Hewlett-Packard POS Printer Windows and OPOS Drivers OPOSPOSPrinter.ocx Open Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Printer Windows and OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...
Hewlett-Packard POS Printer Windows And OPOS Drivers OPOSCashDrawer.ocx Open Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Printer Windows and OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...
Hewlett-Packard POS Printer Windows and OPOS Drivers OPOSCheckScanner.ocx Open Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Printer Windows and OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...
HP Point of Sale PCs Running Windows with OPOS Drivers Arbitrary Code Execution Vulnerability (CNVD-2015-01598)
HP Point of Sale PCs Running Windows with OPOS Drivers is a set of OPOS drivers from Hewlett-Packard (HP) that run on the Windows operating system for Hewlett-Packard point-of-sale terminals. A security vulnerability exists in the OPOSPOSPrinter.ocx file in various printer devices in versions prior...
cups: allows local users to read arbitrary files via a symlink attack
It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system...
Printer File Deletion Scanner
This module deletes a file on a set of printers using the Printer Job Language (PJL) protocol. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "rex/proto/pjl" class MetasploitModule "Printer File Deletion...
Printer File Upload Scanner
This module uploads a file to a set of printers using the Printer Job Language (PJL) protocol. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "rex/proto/pjl" class MetasploitModule "Printer File Upload Scanner"...
Debian Security Advisory DSA 3171-1 (samba - security update)
Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection. OpenVAS Vulnerability Test $Id:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printer with firmware before L allows remote attackers to inject arbitrary web script or HTML via the url parameter to general/status.html and possibly other pages...
CVE-2015-1056
Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printer with firmware before L allows remote attackers to inject arbitrary web script or HTML via the url parameter to general/status.html and possibly other pages...
CVE-2015-1056
The CVE-2015-1056 entry describes a cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printers, exploitable through the web interface (e.g., general/status.html) via the url parameter. Affected firmware is before version L; the root cause is improper handling/validation of URL param...
RedStar-3.0-Desktop-Escalation
Alternative steps: https://pbs.twimg.com/media/B68inqBIQAA5sK6.png Proof: https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png cp /etc/udev/rules.d/85-hplj10xx.rules /tmp/udevhp.bak echo 'RUN+="/bin/bash /tmp/r00t.sh"' /etc/udev/rules.d/85-hplj10xx.rules cat...
Multiple Cross-Site Scripting Vulnerabilities in Brother MFC-J4410DW Printer 'url' Parameter
Brother MFC-J4410DW is a color laser printer device that supports wireless network printing. Multiple cross-site scripting vulnerabilities exist in the Brother MFC-J4410DW printer 'url' parameter because it fails to properly filter user-supplied input. An attacker could use these vulnerabilities ...
CUPS Remote Command Execution via Shellshock
Binary data cupsbashrce.nbin...
CUPS < 2.0.1 SSLv3 Legacy Encryption Vulnerability (POODLE)
According to its banner, the CUPS printer service installed on the remote host is a version prior to 2.0.1. It is, therefore, potentially affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes wh...
CVE-2014-7875
Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors...
CVE-2014-7875
The CVE-2014-7875 entry affects HP LaserJet CM3530 Multifunction Printer models CC519A/CC520A with firmware older than 53.236.2. The vulnerability is described as a remote, network-exploitable issue that could allow an attacker to obtain sensitive information, modify data, or cause a Denial of Se...
Konica Minolta Password Extractor
This module will extract FTP and SMB account usernames and passwords from Konica Minolta multifunction printer (MFP) devices. Tested models include C224, C280, 283, C353, C360, 363, 420, C452, C452, C452, C454e, and C554. This module requires Metasploit: https://metasploit.com/download Current...