Windows Line Printer Daemon Service Denial of Service Vulnerability

...

Microsoft Line Printer Daemon Service Security Vulnerability

Microsoft Line Printer Daemon Service is a network printing service from Microsoft Corporation USA. A security vulnerability exists in Microsoft Line Printer Daemon Service LPD. An attacker could exploit this vulnerability to cause a denial of service on the system. The following products and...

Sharp MFP Trust Management Issue Vulnerability

Sharp MFP is a series of multifunction printers from Sharp Japan. The Sharp MFP suffers from a trust management issue vulnerability that arises from hard-coded credential information for accessing an external site, which can be exploited by an attacker who improperly obtains the credential...

Sharp MFP Security Vulnerability

Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that originates from a device web page that inadvertently sends information about credentials stored in the device, resulting in information disclosure...

The vulnerability of HP LaserJet Pro printer microprogramming software, related to the lack of protective measures for website structures, allows attackers to carry out XSS attacks.

The vulnerability of HP LaserJet Pro printer microprogramming software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs

Overview MFPs multifunction printers provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' CWE-776 - CVE-2024-27141, CVE-2024-27142 Execution with...

CVE-2024-3498

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL...

CVE-2024-3496

Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL...

CVE-2024-3497

Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL...

CVE-2024-3498 Incorrect Permission Assignment Privilege Escalation Vulnerability

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL...

CVE-2024-3498

Summary of CVE-2024-3498 : Affects Toshiba e-STUDIO/Tec MFPs where an improper permission assignment enables attackers who can access the device to enable certain web-configured services and elevate privileges to root, potentially allowing arbitrary code execution. The issue is tied to multiple r...

CVE-2024-3498 Incorrect Permission Assignment Privilege Escalation Vulnerability

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL...

CVE-2024-3497

The CVE-2024-3497 entry refers to a directory traversal vulnerability in the web server of Toshiba e-STUDIO printers. The issue allows a network-adjacent attacker to overwrite or add files via path traversal in the unzip operation, with ZDI noting possible remote code execution and no authenticat...

CVE-2024-3497 Directory Traversal Remote Code Execution Vulnerability

Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL...

CVE-2024-27175

Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference URL...

CVE-2024-3496 Authentication Bypass Vulnerability

Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL...

CVE-2024-3496 Authentication Bypass Vulnerability

Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL...

CVE-2024-3496

CVE-2024-3496 is an authentication-bypass flaw affecting Toshiba e-STUDIO multifunction printers. Public sources in the connected documents describe a vulnerability where network-adjacent attackers can bypass web login authentication, gaining access to system information and the ability to upload...

CVE-2024-27175 Local File Inclusion

Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference URL...

CVE-2024-27175

CVE-2024-27175 affects Toshiba e-STUDIO/MFP devices, where a Local File Inclusion vulnerability allows an attacker to read arbitrary files on the printer via unsafely processed input. The root cause is insufficient validation of filename input, enabling information disclosure via the device UI or...