Vulnerabilities > Papercut

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-8404 Link Following vulnerability in Papercut NG
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled.
local
low complexity
papercut CWE-59
7.8
2024-09-26 CVE-2024-8405 Command Injection vulnerability in Papercut NG
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled.
local
low complexity
papercut CWE-77
5.5
2023-11-14 CVE-2023-6006 Unspecified vulnerability in Papercut MF
This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG.
local
low complexity
papercut
6.7
2023-10-19 CVE-2023-31046 Path Traversal vulnerability in Papercut MF
A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1.
network
low complexity
papercut CWE-22
6.5
2023-09-20 CVE-2023-2508 Cross-Site Request Forgery (CSRF) vulnerability in Papercut Mobility Print Server 1.0.3512
The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section).
network
low complexity
papercut CWE-352
6.5
2023-09-13 CVE-2023-4568 Improper Authentication vulnerability in Papercut NG
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default.
network
low complexity
papercut CWE-287
6.5
2023-08-04 CVE-2023-39143 Path Traversal vulnerability in Papercut MF
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files.
network
low complexity
papercut CWE-22
critical
9.8
2023-07-25 CVE-2023-3486 Unrestricted Upload of File with Dangerous Type vulnerability in Papercut MF
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage.
network
low complexity
papercut CWE-434
7.5
2023-06-20 CVE-2023-2533 Cross-Site Request Forgery (CSRF) vulnerability in Papercut MF and Papercut NG
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.
network
low complexity
papercut CWE-352
8.8
2023-04-20 CVE-2023-27350 Unspecified vulnerability in Papercut NG
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
network
low complexity
papercut
critical
9.8