5 matches found
CVE-2016-1487
CVE-2016-1487 affects Lexmark Markvision Enterprise prior to 2.3.0, where unsafe deserialization of untrusted Java objects in Apache Commons Collections via the RMI interface enables remote code execution. The root cause is deserialization of unauthenticated serialized objects, allowing an attack...
CVE-2016-6918
Summary: CVE-2016-6918 affects Lexmark Markvision Enterprise (MVE) prior to version 2.4.1, where a remote attacker can execute arbitrary commands by uploading files. The connected documents consistently describe this as a vulnerability in MVE before 2.4.1 with no explicit exploitation details inc...
CVE-2014-8742
Lexmark MarkVision Enterprise prior to 2.1 is affected by CVE-2014-8742, a directory traversal vulnerability in the ReportDownloadServlet that allows remote attackers to read arbitrary files. The root cause is improper handling/sanitization of input leading to unauthorized file disclosure. Some s...
CVE-2014-8741
CVE-2014-8741 documents a directory traversal vulnerability in the Lexmark MarkVision Enterprise product, specifically the GfdFileUploadServerlet servlet, before version 2.1. The issue allows a remote attacker to write to arbitrary files via unspecified vectors, with public references noting poss...
CVE-2014-9375
Lexmark Markvision Enterprise’s LibraryFileUploadServlet is vulnerable to a directory-traversal in ZIP processing. A crafted ZIP can write arbitrary files and allow remote code execution. ZDI-15-046 reports that authentication is not required and an attacker could upload files to arbitrary locati...