Vulnerabilities > Canon > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-09-11 | CVE-2015-5631 | Cross-Site Request Forgery (CSRF) vulnerability in Canon Pixma Mg7500 Series Inkjet Printer Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators. | 6.8 |
| 2013-06-21 | CVE-2013-4615 | Improper Input Validation vulnerability in Canon products The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. | 5.0 |
| 2008-02-29 | CVE-2008-0303 | Unspecified vulnerability in Canon products The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce. | 6.4 |
| 2007-05-15 | CVE-2007-2680 | Cross Site Scripting vulnerability in Canon products Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network canon | 4.3 |
| 2007-03-02 | CVE-2006-7065 | Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. | 5.0 |
| 2006-09-11 | CVE-2006-4680 | Information Disclosure vulnerability in Canon ImageRunner The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information. | 4.0 |
| 2006-07-06 | CVE-2006-3354 | Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. | 5.0 |
| 2006-06-07 | CVE-2006-2900 | Information Exposure vulnerability in multiple products Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | 4.0 |