CVE-2018-17211
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request...
CVE-2018-17211
The CVE-2018-17211 entry describes a vulnerability in PrinterOn Central Print Services (CPS) up to version 4.1.4. An unauthenticated attacker can disclose sensitive printer-related details by sending a crafted HTTP GET request, enabling information disclosure (confidentiality impact). The issue i...
CVE-2018-17210
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass...
Session fixation
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass...
CVE-2018-17210
CVE-2018-17210 affects PrinterOn Central Print Services (CPS) up to version 4.1.4. The core components that create and launch print jobs do not perform complete verification of the session cookie, enabling an attacker with guest/pseudo-guest permissions to bypass session checks by calling the cor...
CVE-2018-17169
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
Server-side request forgery (SSRF)
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
CVE-2018-17169
PrinterOn products suffer an XXE vulnerability (CVE-2018-17169) in versions 4.1.4 and earlier. A crafted XML DTD can be processed by the service, allowing remote authenticated users to read arbitrary files or perform server-side request forgery (SSRF). The publicly available sources confirm the f...
Cross-site request forgery (CSRF)
PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc)...
CVE-2018-17168
PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc)...
CVE-2018-17168
PrinterOn Enterprise 4.1.4 is affected by multiple cross-site request forgery (CSRF) vulnerabilities in the Administration page. An attacker could lure an administrator to a link that triggers unauthorized admin actions, such as Disable or Approve printer settings. The root cause is CSRF in the a...
CVE-2018-17167
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4)...
Cross-site scripting
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4)...
PrinterOn Enterprise Cross-Site Scripting Vulnerability
PrinterOn Enterprise is a secure cloud printing solution from PrinterOn Canada. The solution supports printing from laptops, desktops and mobile devices connected to printers. A cross-site scripting vulnerability exists in PrinterOn Enterprise version 4.1.4, which stems from a lack of proper...