Total
20 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1656 | 1 Xerox | 1 Workcentre | 2017-08-16 | 10.0 HIGH | N/A |
Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability." | |||||
CVE-2008-6436 | 1 Xerox | 1 Workcentre | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-2825 | 1 Xerox | 1 Workcentre | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-2824 | 1 Xerox | 1 Workcentre | 2017-08-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors. | |||||
CVE-2006-6428 | 1 Xerox | 1 Workcentre | 2017-07-28 | 7.5 HIGH | N/A |
Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allow remote attackers to gain access via unspecified vectors related to "browser permissions." | |||||
CVE-2006-6432 | 1 Xerox | 1 Workcentre | 2017-07-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Scan-to-mailbox feature in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to download certain files via unspecified vectors. | |||||
CVE-2006-6427 | 1 Xerox | 1 Workcentre | 2017-07-28 | 7.5 HIGH | N/A |
The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290. | |||||
CVE-2006-6429 | 1 Xerox | 1 Workcentre | 2017-07-28 | 5.0 MEDIUM | N/A |
Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option." | |||||
CVE-2005-1179 | 1 Xerox | 19 Workcentre, Workcentre 165, Workcentre 175 and 16 more | 2017-07-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, related to SNMP authentication, allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-0703. | |||||
CVE-2006-6433 | 1 Xerox | 1 Workcentre | 2011-03-07 | 5.0 MEDIUM | N/A |
Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps. | |||||
CVE-2006-6431 | 1 Xerox | 1 Workcentre | 2011-03-07 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors. | |||||
CVE-2006-6437 | 1 Xerox | 1 Workcentre | 2008-09-10 | 7.8 HIGH | N/A |
ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows attackers to cause a denial of service (application crash and core dump) via a certain PS file. | |||||
CVE-2006-6435 | 1 Xerox | 1 Workcentre | 2008-09-10 | 7.5 HIGH | N/A |
The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack. | |||||
CVE-2006-6470 | 1 Xerox | 1 Workcentre | 2008-09-05 | 10.0 HIGH | N/A |
The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not clear whether this is a vulnerability, or a bug in a security feature. | |||||
CVE-2006-6471 | 1 Xerox | 1 Workcentre | 2008-09-05 | 10.0 HIGH | N/A |
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access. | |||||
CVE-2006-6473 | 1 Xerox | 1 Workcentre | 2008-09-05 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb. | |||||
CVE-2006-6472 | 1 Xerox | 1 Workcentre | 2008-09-05 | 10.0 HIGH | N/A |
The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors. | |||||
CVE-2006-6467 | 1 Xerox | 1 Workcentre | 2008-09-05 | 5.8 MEDIUM | N/A |
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vectors related to (1) visibility of the SMB "Homes" share and (2) SMB file system browsing. | |||||
CVE-2006-6468 | 1 Xerox | 1 Workcentre | 2008-09-05 | 5.8 MEDIUM | N/A |
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a "Validate Repository SSL Certificate" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates. | |||||
CVE-2006-6469 | 1 Xerox | 1 Workcentre | 2008-09-05 | 5.8 MEDIUM | N/A |
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port (5432/tcp), which has unknown impact and remote attack vectors, probably related to unauthorized connections to a PostgreSQL daemon. |