Vulnerabilities > Canon

DATE CVE VULNERABILITY TITLE RISK
2013-06-21 CVE-2013-4614 Credentials Management vulnerability in Canon products
English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended workstation.
local
low complexity
canon CWE-255
2.1
2013-06-21 CVE-2013-4613 Permissions, Privileges, and Access Controls vulnerability in Canon products
The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page.
network
low complexity
canon CWE-264
7.5
2008-02-29 CVE-2008-0303 Unspecified vulnerability in Canon products
The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.
network
low complexity
canon
6.4
2007-05-15 CVE-2007-2680 Cross Site Scripting vulnerability in Canon products
Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
canon
4.3
2007-03-02 CVE-2006-7065 Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
network
low complexity
microsoft canon
5.0
2006-09-11 CVE-2006-4680 Information Disclosure vulnerability in Canon ImageRunner
The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information.
network
low complexity
canon
4.0
2006-07-06 CVE-2006-3354 Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.
network
low complexity
microsoft canon
5.0
2006-06-07 CVE-2006-2900 Information Exposure vulnerability in multiple products
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
network
high complexity
microsoft canon CWE-200
4.0
2006-04-11 CVE-2006-1192 Improper Input Validation vulnerability in multiple products
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
network
high complexity
microsoft canon CWE-20
2.6
2006-04-11 CVE-2006-1188 Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
network
low complexity
microsoft canon
7.5