CVE-2018-17169
- EPSS 0.48%
- Veröffentlicht 23.04.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:59
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
CVE-2018-17168
- EPSS 0.12%
- Veröffentlicht 18.04.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:59
PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve,...
CVE-2018-17167
- EPSS 0.32%
- Veröffentlicht 21.03.2019 16:00:23
- Zuletzt bearbeitet 21.11.2024 03:53:59
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Nam...
CVE-2018-19936
- EPSS 0.3%
- Veröffentlicht 17.12.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:50
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion.
CVE-2018-10326
- EPSS 0.31%
- Veröffentlicht 17.05.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:41:13
PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to...
- EPSS 0.05%
- Veröffentlicht 17.05.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:41:13
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.