RSS   Vulnerabilities for 'Printeron'   RSS

2019-04-23
 
CVE-2018-17169

CWE-611
 

 
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

 
2019-04-18
 
CVE-2018-17168

CWE-352
 

 
PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc).

 
2019-03-21
 
CVE-2018-17167

CWE-79
 

 
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.

 
2018-12-17
 
CVE-2018-19936

CWE-20
 

 
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion.

 
2018-05-17
 
CVE-2018-10327

CWE-255
 

 
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.

 
 
CVE-2018-10326

CWE-79
 

 
PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest.

 


Copyright 2019, cxsecurity.com

 

Back to Top