3863 matches found
openSUSE Security Update : python-cupshelpers (openSUSE-SU-2011:1331-2)
This update fixes a typo from the previous update: system-config-printer used an unauthenticated connection when downloading printer drivers from openprinting.org (CVE-2011-4405). This update disables the printer driver download feature. system-config-printer did not properly quote shell meta...
openSUSE Security Update : system-config-printer (openSUSE-2011-89)
Add system-config-printer-subprocess-no-shell.patch: avoid escaping issues when running commands. Fix bnc735322. - Add system-config-printer-no-openprinting.patch: this disables the feature where PPD drivers can be downloaded from OpenPrinting.org. See discussion in bnc733542. As a side-effect,...
openSUSE Security Update : ark (openSUSE-SU-2012:0322-1)
Ark was prone to a path traversal vulnerability allowing a maliciously-crafted zip file to allow for an arbitrary file to be displayed and, if the user has appropriate credentials, removed (CVE-2011-2725). %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks ...
HP OfficeJet Printer Detection
Binary data hpofficejetwebdetect.nbin...
HP OfficeJet Printer Heartbeat Information Disclosure (Heartbleed)
According to its self-reported build information, the firmware running on the remote HP OfficeJet printer is affected by an out-of-bounds read error, known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS heartbeat extensions that could allow an...
Multiple Stored XSS in FOG Image deployment system - FD
Vulnerability title: Multiple Stored Cross-Site scripting CVE: CVE-2014-3111 Vendor: FOG Project Product: FOG Imaging system Affected version: 0.27 – 0.32 (latest) Fixed version: N/A Reported by: Dolev Farhi ---------------------------- VULNERABILITY Details: ---------------------------- Latest and...
Fog Imaging System 0.32 Cross Site Scripting
Vulnerability title: Multiple Stored Cross-Site scripting CVE: CVE-2014-3111 Vendor: FOG Project Product: FOG Imaging system Affected version: 0.27 – 0.32 (latest) Fixed version: N/A Reported by: Dolev Farhi ---------------------------- VULNERABILITY Details: ---------------------------- Latest and...
Ubuntu Update for cups-filters USN-2210-1
Check for the Version of cups-filters OpenVAS Vulnerability Test $Id: gbubuntuUSN22101.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for cups-filters USN-2210-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is fre...
USN-2210-1: cups-filters vulnerability
Sebastian Krahmer discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands. (CVE-2014-2707) Johannes Meixner discovered that cups-browsed ignored invalid BrowseAllow directives. This could cause...
USN-2210-1 cups-filters vulnerability
Sebastian Krahmer discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands. (CVE-2014-2707) Johannes Meixner discovered that cups-browsed ignored invalid BrowseAllow directives. This could cause...
Canon PIXMA Printer HTTP Detection
Binary data canonpixmaprinterwwwdetect.nbin...
Canon PIXMA Printer Administration Authentication Bypass
The remote printer contains a flaw that could allow a remote attacker to obtain sensitive information. The HTTP admin interface does not require credentials. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid73375;...
Canon PIXMA Printer WLAN Credential Disclosure
The remote printer contains a flaw that could allow a remote attacker to obtain sensitive information. The HTTP admin interface contains WLAN authentication information (WEP/WPA/WPA2) in plaintext. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Kyocera FS5250 Cross Site Scripting
Found the below on a printer a couple of years ago, sent to Kyocera but never heard anything back... Changing the 'Ready' message on a printer is quite a well known prank (And much fun was had with this yesterday!) but also an interesting avenue for injecting XSS, as the Kyocera printer management...
Debian DSA-2892-1 : a2ps - security update
Several vulnerabilities have been found in a2ps, an 'Anything to PostScript' converter and pretty-printer. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2001-1593 The spyuser function which is called when a2ps is invoked with the --debug flag insecurel...
Debian Security Advisory DSA 2892-1 (a2ps - security update)
Several vulnerabilities have been found in a2ps, an Anything to PostScript converter and pretty-printer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2001-1593 The spyuser function which is called when a2ps is invoked with the --debug flag insecurely use...
DSA-2892-1 a2ps - security update
Bulletin has no description...
HP LaserJet Printer SNMP Enumeration
This module allows enumeration of files previously printed. It provides details as filename, client, timestamp and username information. The default community used is "public". This module requires Metasploit: https://metasploit.com/download Current source:...
Canon PIXMA MX722 Printer Wireless Password Disclosure
Affects: Canon PIXMA MX722 Printer and probably other Canon printers. After typing my WPA2 WiFi password into the printer through the built-in hardware keypad, it exposes the cleartext password to the LAN through an admin page that isn't password protected:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G 1.03 and L 1.10 allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name QUERYSTRING to admin/adminmain.html, a different vulnerability than CVE-2013-2507 and...