Vulnerabilities > Xerox > Workcentre 265
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-10 | CVE-2006-6441 | Local Security vulnerability in Workcentre 238 Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive. | 4.6 |
| 2006-12-10 | CVE-2006-6440 | Remote Security vulnerability in Workcentre 238 Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to "HTTP Security issues." | 7.5 |
| 2006-12-10 | CVE-2006-6439 | Information Disclosure vulnerability in Workcentre 238 Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to download the audit log and obtain potentially sensitive information via unspecified vectors. | 7.8 |
| 2006-12-10 | CVE-2006-6438 | Local Security vulnerability in Workcentre 238 Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file. | 4.9 |
| 2006-12-10 | CVE-2006-6436 | Cross-Site Scripting vulnerability in Workcentre 238 Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages. network xerox | 6.8 |
| 2006-12-10 | CVE-2006-6434 | Security Bypass vulnerability in Workcentre 238 Unspecified vulnerability in the Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to bypass authentication controls via unknown vectors. | 7.5 |
| 2006-12-10 | CVE-2006-6430 | Multiple vulnerability in Xerox WorkCentre and WorkCentre Pro Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic. | 7.8 |
| 2006-10-13 | CVE-2006-5290 | Unspecified vulnerability in Xerox products The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname." | 7.5 |
| 2006-02-21 | CVE-2006-0828 | Remote Security vulnerability in Workcentre 238 Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to "reduce effectiveness of security features" via unknown attack vectors. | 5.0 |
| 2006-02-21 | CVE-2006-0827 | HTML Injection vulnerability in Xerox WorkCentre Products Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 5.0 |