[SA22252] Xerox ESS/ Network Controller and MicroServer "WebUI" Vulnerability

SecuToolBox : Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP + Aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA22252] Xerox ESS/ Network Controller and MicroServer "WebUI" Vulnerability

Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts.

We will help with relocation and obtaining a work permit.

Currently the following type of positions are available: link://[click]

TITLE: Xerox ESS/ Network Controller and MicroServer "WebUI" Vulnerability

SECUNIA ADVISORY ID: SA22252

VERIFY ADVISORY: link://[click]

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

OPERATING SYSTEM: Xerox WorkCentre link://[click] Xerox WorkCentre Pro link://[click]

DESCRIPTION: A vulnerability has been reported in Xerox WorkCentre Pro and Xerox WorkCentre, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is due to an unspecified error in WebUI, which can be exploited to inject and execute arbitrary commands.

The vulnerabilities affect the following products: * WorkCentre 232, 238, 245, 255, 265, 275 * WorkCentre Pro 232, 238, 245, 255, 265, 275 SOLUTION: See patch matrix in vendor advisory to apply patch P29.

link://[click] PROVIDED AND/OR DISCOVERED BY: The vendor credits Brendan O'Connor.

ORIGINAL ADVISORY: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA22269] phpBB Nivisec Static Topics "phpbb_root_path" File Inclusion Vulnerability
Suivant par Date: [SA22233] Sun Solaris update for Apache 2 mod_ssl module
Precedent par fil : [SA22269] phpBB Nivisec Static Topics "phpbb_root_path" File Inclusion Vulnerability
Suivant par fil : [SA22233] Sun Solaris update for Apache 2 mod_ssl module
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires sur SecuObs :

- More Oracle Pwnage...I Lost Count...New Version Module http://www.secuobs.com/r - Update on the update http://www.secuobs.com/revue/news/49561.shtml - YARA: a malware identification and classification tool http://www.secuobs.com/re - Update from Alexander Sotirov http://www.secuobs.com/revue/news/49201.shtml - VOIP Scanning on the increase http://www.secuobs.com/revue/news/49189.shtml - Creator of ZiPhone iPhone unlock hack calls it quits http://www.secuobs.com/revu - IPv6 Tunnel on Windows XP Using Freenet6 http://www.secuobs.com/revue/news/48645 - RFIDIOt-0.1v.tgz http://www.secuobs.com/revue/news/48665.shtml - VOIPPACK now available! http://www.secuobs.com/revue/news/48725.shtml - Nine Years of Code Cruft: Microsoft?s Hidden Internet Explorer Failures http://w + de commentaires publiés sur SecuObs

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, windows, exploit, microsoft, réseau, attaque, vulnérabilité, système, audit, virus, internet, outil, fonction, présentation, données, linux, bluetooth, vista, shell, gestion, metasploit, wishmaster, trames, protocol, sysun, fonctions, paquets, téléphone, engineering + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA33400 Fedora update for am-utils - SA33419 Fedora update for xterm - SA32648 TSC2 Help Desk CTab ActiveX Control Caption List Buffer Overflow - SA32609 ComponentOne SizerOne CTab ActiveX Control Caption List Buffer Overflow - SA33342 vBulletin Personal Sticky Threads Add-on Security Bypass Vulnerability + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Do you use nepenthes? - Full-disclosure The war in Palestine && Pointless noise. - Full-disclosure MDVSA-2009:001 openssl - Re: Full-disclosure Full-Disclosure wouldn't let me post this message - Re: Full-disclosure The war in Palestine + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- AST-2009-001: Information leak in IAX2 authentication - LayerOne 2009 Call for Papers - USN-705-1 NTP vulnerability - Re: IBM Datapower XS40 Denial of Service - CORE-2008-1128: Openfire multiple vulnerabilities + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

virus, spyware, vmware, firmware, biometric, lockpicking, wimax, password, spammer, malware, kernel, windows, iphone, symantec, phish, adware, knoppix, security, botnet, linux, tutorial, cryptography, internet, attack, wireshark, server, virtual, metasploit, intel, openbsd, protect, jailbreak, hitbsecconf2006, rootkit, norton, ubuntu, exploit, samsung, ettercap, hijackthis, interview, screen, vista, fingerprint, flash + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, vulnérabilité, network, google, vulnerability, hacker, attack, inject, remote, mobile, server, exploit, apple, internet, iphone, black, yahoo, sécurité, malware, vista, intel, patch, crypt, drive, access, protect, virtual, laptop, linux, source, biometric, research, ebook, business, virus, office, phish, adobe, chine, facebook, opera, flash, wireless + de mots clés avec l'annuaire de la revue de presse