Papercut Ng Security Vulnerabilities and Issues — Papercut Ng CVE List

Lucene search

PapercutPapercut Ng

8 matches found

CVE•added 2023/04/20 4:15 p.m.•1065 views

CVE-2023-27350

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. ...

9.8CVSS9.1AI score0.94216EPSS

CVE•added 2023/04/20 4:15 p.m.•183 views

CVE-2023-27351

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implement...

8.2CVSS9.2AI score0.01659EPSS

CVE•added 2023/08/04 5:15 p.m.•110 views

CVE-2023-39143

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).

9.8CVSS9.7AI score0.88626EPSS

CVE•added 2023/07/25 1:15 p.m.•93 views

CVE-2023-3486

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.

8.2CVSS8AI score0.02434EPSS

CVE•added 2023/09/13 9:15 p.m.•72 views

CVE-2023-4568

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.

6.5CVSS6.6AI score0.82902EPSS

CVE•added 2023/11/14 4:15 a.m.•44 views

CVE-2023-6006

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must have local write access to the C Drive. In addition, Print Archiving must be enabled or the attacker needs to encounter a misconfigured system. This vulnerability ...

7.8CVSS6.9AI score0.00095EPSS

CVE•added 2023/06/20 3:15 p.m.•40 views

CVE-2023-2533

A Cross-Site Request Forgery (CSRF) vulnerability has been identified inPaperCut NG/MF, which, under specific conditions, could potentially enablean attacker to alter security settings or execute arbitrary code. This couldbe exploited if the target is an admin with a current login session. Exploiti...

8.8CVSS8.9AI score0.47131EPSS

CVE•added 2023/10/19 2:15 p.m.•24 views

CVE-2023-31046

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach g...

6.5CVSS6.3AI score0.00738EPSS