Filtered by vendor Xerox
Subscriptions
Total
121 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6436 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages. | ||||
| CVE-2008-5225 | 1 Xerox | 1 Docushare | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories. | ||||
| CVE-2006-6438 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file. | ||||
| CVE-2006-6437 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows attackers to cause a denial of service (application crash and core dump) via a certain PS file. | ||||
| CVE-2006-6468 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a "Validate Repository SSL Certificate" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates. | ||||
| CVE-2008-2743 | 1 Xerox | 3 Xerox 4110, Xerox 4590, Xerox 4595 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2006-6440 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to "HTTP Security issues." | ||||
| CVE-2006-6433 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps. | ||||
| CVE-2006-6469 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port (5432/tcp), which has unknown impact and remote attack vectors, probably related to unauthorized connections to a PostgreSQL daemon. | ||||
| CVE-2006-6427 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290. | ||||
| CVE-2009-1656 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability." | ||||
| CVE-2006-6430 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | N/A |
| Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic. | ||||
| CVE-2009-3913 | 1 Xerox | 1 Fiery Webtools | 2025-04-09 | N/A |
| SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter. | ||||
| CVE-2006-6435 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack. | ||||
| CVE-2006-6429 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option." | ||||
| CVE-2008-6436 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-2825 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-6431 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors. | ||||
| CVE-2008-2824 | 1 Xerox | 1 Workcentre | 2025-04-09 | N/A |
| Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors. | ||||
| CVE-2008-3122 | 1 Xerox | 1 Centreware Web | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via the unspecified vectors. | ||||