Vulnerabilities > Xerox

DATE CVE VULNERABILITY TITLE RISK
2014-05-02 CVE-2014-3138 SQL Injection vulnerability in Xerox Docushare 6.5.3/6.6.1
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/.
network
low complexity
xerox CWE-89
6.5
2013-01-17 CVE-2013-0415 Local Solaris vulnerability in Oracle Sun Products Suite
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.
local
high complexity
xerox sun
6.0
2013-01-17 CVE-2013-0407 Local vulnerability in Oracle Solaris
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.
local
low complexity
xerox sun
4.6
2013-01-17 CVE-2012-0569 Local vulnerability in Oracle Solaris
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.
local
xerox sun
3.3
2010-02-04 CVE-2010-0549 Information Exposure vulnerability in Xerox products
Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability."
network
low complexity
xerox CWE-200
5.0
2010-02-04 CVE-2010-0548 Information Exposure vulnerability in Xerox products
Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via unknown vectors that bypass web server authorization.
network
low complexity
xerox CWE-200
5.0
2009-11-09 CVE-2009-3913 SQL Injection vulnerability in Xerox Fiery Webtools
SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.
network
low complexity
xerox CWE-89
7.5
2009-05-16 CVE-2009-1656 Remote Command Execution vulnerability in Xerox WorkCentre Webserver
Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allow remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability."
network
low complexity
xerox
critical
10.0
2009-03-06 CVE-2008-6436 Cross-Site Scripting vulnerability in Xerox Workcentre
Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
xerox CWE-79
4.3
2008-11-25 CVE-2008-5225 Cross-Site Scripting vulnerability in Xerox Docushare
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
network
xerox CWE-79
4.3