Vulnerabilities > Xerox
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-10 | CVE-2006-6434 | Security Bypass vulnerability in Workcentre 238 Unspecified vulnerability in the Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to bypass authentication controls via unknown vectors. | 7.5 |
2006-12-10 | CVE-2006-6433 | Remote Security vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps. | 5.0 |
2006-12-10 | CVE-2006-6432 | Multiple vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 Unspecified vulnerability in the Scan-to-mailbox feature in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to download certain files via unspecified vectors. | 5.0 |
2006-12-10 | CVE-2006-6431 | Remote Security vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors. | 5.0 |
2006-12-10 | CVE-2006-6430 | Multiple vulnerability in Xerox WorkCentre and WorkCentre Pro Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic. | 7.8 |
2006-12-10 | CVE-2006-6429 | Multiple vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option." | 5.0 |
2006-12-10 | CVE-2006-6428 | Multiple vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allow remote attackers to gain access via unspecified vectors related to "browser permissions." | 7.5 |
2006-12-10 | CVE-2006-6427 | OS Command Injection vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. | 7.5 |
2006-10-13 | CVE-2006-5290 | Unspecified vulnerability in Xerox products The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname." | 7.5 |
2006-03-10 | CVE-2006-1139 | Remote Security vulnerability in CopyCentre C75 Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack. | 6.4 |