This Metasploit module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary commands under root privileges.
f0660a3d09fcdb1e977b7a2ed03e9bcc85467482907cf22be2c2ec5a6986def7Whitepaper called From Patched to Pwned - Attacking Xerox's Multifunction Printers Patch Process. In this paper the author discusses the step by step process around how to gain root level access to high end Xerox MFP devices, how the firmware signing process works, and how to protect yourself from this attack.
3688be93b27c1a23060fa014deca9150f7f3ac8484e3acd5427b36fec7c66906The Lexmark X656de multifunction printer suffers from a remote password disclosure vulnerability.
6f0b0ae716eef7a6fc0485b242d176d9a146bd109f1d952e0a3ecc8b624fb444Brief whitepaper discussing how to trick a printer into passing LDAP or SMB credentials back to an attacker in plain text.
4c1967b52b737e8378e0591046c4fbeb02462547b019cb3d9e260b1c5939d804The Toshiba eStudio multifunction printer suffers from an information leakage vulnerability as passwords can be extracted in plaintext from the html source code of various configuration pages.
5734383d4ee705db601bc8d3d5e3c2dd43c7d59704ae77a50bf1ce5366dd57bcToshiba e-Studio devices suffer from an authentication bypass vulnerability.
8d34ec59051a89a05afdeee8fa150523f3ddb25662352023a4f80265d709bec7Layered Defense Research Advisory - FortiClient version 3.0.614 suffers from a format string vulnerability.
03c7157f2662b4ea6613ac679d2324fc6483c5a47915efcd34f14575cddd1f83Layered Defense Research Advisory - A local format string vulnerability was discovered within Symantec PcAnywhere version 10 thru 12.5. The vulnerability is due to improper processing of format strings within (.CHF) remote control file names or associated file path. When special crafted format strings are entered as the file name (%s%s%s%s%s.chf) or within the path of the CHF file the format string vulnerability is triggered. Making it possible to read/write arbitrary memory and at a minimum cause a denial of service condition.
a574bab9b99dda07703b1bfb56b0731c44ceff88c536d3484eab091eb2e196a5Layered Defense Research Advisory - The Juniper Netscreen firewall NetOS version 5.4.0r9.0 suffers from a cross site scripting vulnerability.
9344e671e676c1c4e250d0863d105544249c0894b443ce3abbcaf6abdedf65a2Layered Defense Research Advisory - A stack based buffer overflow was discovered within Alcatel OmniSwitch product line.
7990682cd4bcbd2b3f2495a6713625e60c4b87f4bffbdfcb203ecad33dac8594A format string vulnerability was discovered within F-Secure Anti-Virus Client Security version 6.02. The vulnerability is due to improper processing of format strings when processing the Management Server name field.
7646621dbd70f86b3c91325b6ea6075097df767bc9d54eeb041687a2c3528983A format string vulnerability has been discovered within BitDefender Client Professional Plus build 8.02.
aae2a9aab9a8ac2ada062219db23d7fb06500ea56412d9d71b0e791d9299b51bLayered Defense Advisory - A format string vulnerability was discovered within Novell client 4.91 . The vulnerability is due to improper processing of format strings within NMAS (Novell Modular Authentication Services) Information message window. An attacker who enters special crafted format strings in the Username field at the Novell logon and selects Sequences under the NMAS tab can read data from the winlogon process stack or read from arbitrary memory, and at a minimum cause a denial of service.
16000cd5b2e4b7f104dd288b51b65a2f794e2c097e823e6489eb20d40d32e75fLayered Defense Advisory: TrendMicro OfficesScan Corporate is vulnerable to execution of arbitrary code, potential remote exploit, and denial of service.
d46d632af7507a699b201db1a7e5a3a5c7485df1d3c8ec670aa194187ccb1299A format string vulnerability was discovered within Symantec AntiVirus Corporate Edition versions 10.0, 9.0, and 8.1. The vulnerability is due to improper processing of format strings within the Tamper Protection and Virus Alert Notification message fields.
b88bed47963cead7cdf7ea06aa496167b920a7643fa9974268839386da323811Layered Defense Advisory 13 September 2006 - multiple versions of Symantec AntiVirus Corporate Edition and Symantec Client Security suffer from a format string vulnerability that can allow a local user to execute arbitrary code with elevated privileges.
638ff7c2543279c25e07521456fb79452722ffd7d210c291df46f328afdfeceeA format string vulnerability was discovered within etrust Antivirus 8.0. The vulnerability is due to improper processing of format strings within the scan job description field. An attacker could create a scan job containing special crafted format strings that could potential lead to execution of arbitrary code, rights escalation and at a minimum denial of service.
904184d605233967c52fd67cc3154342d54a0fa06cabd165e584e86fee6cb3b3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed