11 matches found
CVE-2019-20460
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require anti-CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For...
CVE-1999-0564
An attacker can force a printer to print arbitrary documents, e.g. if the printer doesn't require a password, or to become disabled...
CVE-2019-20460
Affects Epson Expression Home XP255 20.08.FM10I8. Root cause: POST to RAW printer interface lacks CSRF validation, enabling CSRF attacks to send text to the RAW interface and potentially print unwanted content. Impact is described as high (C/H/I/A) per CVSS 3.1. Remediation available in connected...
CVE-2022-42909
WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don't own and print them without authorization. In order to...
CVE-2022-1747
The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization...
Authorization
The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization...
CVE-2022-26572
Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information...
CVE-2022-26572
Xerox ColorQube 8580 is affected by CVE-2022-26572, described as an access control issue that allows an attacker to print, view the device status, and obtain sensitive information. The connected Red Hat, NVD, and other records corroborate the same description, but do not provide co...
Zyxel NSA310 Remote Command Execution Vulnerability
Vulnerability effect: print /etc/passwd. Demonstration of injecting a system command on a vulnerable host to print /etc/passwd: $ telnet 192.168.219.101 21 Trying 192.168.219.101... Connected to 192.168.219.101. Escape character is '^'. 220 Welcome to PureFTPd TLS 220 You are user number 1 of 10 allowed. 220 Local time is now 22:46. Server port: 21...
Multiple Security Holes in LPPlus
LPPlus is Plus Technologies' print management system for unix. It contains several serious security holes, some of which undermine the integrity of the printing subsystem, some of which threaten the security of the system on which the product is installed. Details ------- Hole 1: Of the 74 binari...
CVE-1999-0564
An attacker can force a printer to print arbitrary documents, e.g. if the printer doesn't require a password, or to become disabled...