Xerox Administrator Console Password Extractor
This module will extract the management console's admin password from the Xerox file system using firmware bootstrap injection. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xerox Administrat...
CVE-2014-3111
Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Stora...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Stora...
cups: allows local users to read arbitrary files via a symlink attack
It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system...
cups: insufficient checking leads to privilege escalation
It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system...
libXp: Integer overflow leading to heap-based buffer overflow
Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions...
HP OfficeJet Printer Security Bypass (HPSBPI03107)
The remote HP OfficeJet printer is affected by a security bypass vulnerability. The included OpenSSL library has a security bypass flaw in the handshake process. By using a specially crafted handshake, a remote attacker can force the use of weak keying material. This could be leveraged for a...
[SECURITY] Fedora 20 Update: kde-print-manager-4.14.1-1.fc20
Printer management for KDE...
HP Web Jetadmin 7.5.2456 Printer Firmware Update Script Arbitrary File Upload Weakness
No description provided by source. source: http://www.securityfocus.com/bid/9971/info HP Web Jetadmin is prone to an issue which may permit remote users to upload arbitrary files to the management server. This issue exists in the printer firmware update script. Given the ability to place arbitrar...
Multiple Printer Providers (spooler service) - Privilege Escalation Exploit
No description provided by source...
Tektronix Phaser 740/750/850/930 Network Printer Administration Interface Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2659/info A remote vulnerability exists in Tektronix Phaser network printers in the 7xx, 8xx, and 9xx series. An attacker with access to the printer's local network or, if no firewall is in place, any attacker can reach t...
Lexmark Multiple Laser printer Remote Stack Overflow
No description provided by source. Application: Lexmark Multiple Laser printer Remote Stack Overflow Platforms: Lexmark Multiple Laser printer Exploitation: Remote Exploitable CVE Number: CVE-2010-0619 Discover Date: 2010-01-06 Author: Francis Provencher Protek Research Lab's Website:...
HP JetDirect rev. G.08.x/rev. H.08.x/x.08.x/J3111A LCD Display Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2245/info Certain versions of HP JetDirect enabled printers provide a function PJL command that changes the LCD display on a printer over TCP/IP. Arbitrary strings can be sent to the LCD display by a remote user using thi...
BSD lpr 0.54 -4 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1834/info lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 and possibly earlier versions contains a vulnerability that will allow an attacker to execute arbitrary commands...
Microsoft Print Spooler Service Impersonation Vulnerability
No description provided by source. $Id: ms10061spoolss.rb 11766 2011-02-17 19:22:11Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
S.u.S.E. 5.2 lpc Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/328/info The PLP Line Printer Control program, shipped with S.u.S.E. 5.2 is vulnerable to a local remote buffer overflow. You can determine whether you're vulnerable or not by typing 'lpc'. If you're presented with an lpc...
CUPS <= 1.3.7 'HP-GL/2' Filter Remote Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31688/info CUPS is prone to a remote code-execution vulnerability caused by an error in the 'HP-GL/2' filter. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Faile...
HP JetDirect PJL Interface Universal Path Traversal
No description provided by source. Exploit Title: HP JetDirect PJL Interface Universal Path Traversal Date: Aug 7, 2011 Author: Myo Soe YGN Ethical Hacker Group - http://yehg.net/ Software Link: http://www.hp.com Version: All Tested on: HP LaserJet Pxxxx Series $Id: $ This file is part of the...
HP LaserJet Pro P1606dn - Webadmin Password Reset
No description provided by source. !/usr/bin/python Exploit Title: HP LaserJet Pro P1606dn Webadmin password reset Date: 20.05.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage: http://www8.hp.com/de/de/products/printers/product-detail.html?oid=4110411 Firmware...