Next Page >>
Multifunction Printer
HP LaserJet Enterprise 600 M602
HP LaserJet Enterprise 600 M603
HP Color LaserJet CM1312 Multifunction Printer
HP LaserJet Pro CM1415 Color Multifunction Printer
HP Color LaserJet CP1510
HP LaserJet M2727 Multifunction Printer series
Update to version 20120123
31 Jan 2012 or later
HP Color LaserJet 2800 All-in-One Printer series
Update to version 20120307
2 Apr 2012 or later
HP Color LaserJet 3000
Update to version 46_050_1
HP LaserJet Pro CP1025 Color Printer series
20120130 or later
20120130 or later
HP LaserJet Pro M1136 Multifunction Printer series
20120206 or later
20120206 or later
HP LaserJet Pro P1102 Printer series
RFU not available
HP LaserJet Pro P1102 Printer series
RFU not available
20100130 or later
HP Color LaserJet CM1312 Multifunction Printer
20120104 or later
20120104 or later
HP Color LaserJet CM1312nfi Multifunction Printer
20120104 or later
HP LaserJet Enterprise 600 M603
No update required
No update required
HP Color LaserJet CM1312 Multifunction Printer
20111209 or later
Code signing not available
HP LaserJet Pro CM1415 Color Multifunction Printer
20111215 or later
HP LaserJet 4250 Printer series
HP LaserJet 4350 Printer series
HP LaserJet 4345 Multifunction Printer series
HP LaserJet 5200 Printer series
HP Color LaserJet 5550 Printer series
Select "Support & Drivers"
In Step 1 select "Download drivers and software (and firmware)"
In Step 2 enter one of the following:
HP LaserJet 4345 Multifunction Printer series
HP Color LaserJet 4730 Multifunction Printer series
HP LaserJet 9040/9050 Multifunction Printer series
HP LaserJet 4250 Printer series
HP LaserJet 4350 Printer series
HP LaserJet 4345 Multifunction Printer series
HP LaserJet 5200 Printer series
HP Color LaserJet 5550 Printer series
Select "Support & Drivers"
In Step 1 select "Download drivers and software (and firmware)"
In Step 2 enter one of the following:
HP LaserJet 4345 Multifunction Printer series
HP Color LaserJet 4730 Multifunction Printer series
HP LaserJet 9040/9050 Multifunction Printer series
HP 9200C Digital Sender
HP Color LaserJet 9500 Multifunction Printer series
Select "Support & Drivers"
In Step 1 select "Download drivers and software (and firmware)"
In Step 2 enter one of the following:
HP LaserJet 4345 Multifunction Printer series
HP Color LaserJet 4730 Multifunction Printer series
HP LaserJet 9040/9050 Multifunction Printer series
HP 9200C Digital Sender
HP Color LaserJet 9500 Multifunction Printer series
Select "Support & Drivers"
In Step 1 select "Download drivers and software (and firmware)"
In Step 2 enter one of the following:
HP LaserJet 4345 Multifunction Printer series
HP Color LaserJet 4730 Multifunction Printer series
HP LaserJet 9040/9050 Multifunction Printer series
HP 9200C Digital Sender
HP Color LaserJet 9500 Multifunction Printer series
A potential security vulnerability has been identified with certain HP Color LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to data or to create a Denial of Service (DoS).
References: CVE-2009-3842
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Color LaserJet M3530 Multifunction Printer with firmware 53.021.2 (earlier versions are not vulnerable)
HP Color LaserJet CP3525 Printer with firmware 05.058.4 (earlier versions are not vulnerable)
BACKGROUND
CVSS 2.0 Base Metrics
A potential security vulnerability has been identified with certain HP Color LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to data or to create a Denial of Service (DoS).
References: CVE-2009-3842
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.4 (earlier versions are not vulnerable)
HP Color LaserJet CP3525 Printer with firmware 53.021.2 (earlier versions are not vulnerable)
BACKGROUND
CVSS 2.0 Base Metrics
============================================================================
Foofus.net Security Advisory: foofus-20111107
============================================================================
Title: Lexmark Multifunction Printer Information exposure
Version: X656de
Vendor: Lexmark
Release Date: 08/05/2011
============================================================================
1. Summary:
Advisory ID: HTB23082
Product: All-in-One Event Calendar Plugin for WordPress
Vendor: The Seed Studio
Vulnerable Version(s): 1.4 and probably prior
Tested Version: 1.4
Vendor Notification: 21 March 2012
Public Disclosure: 11 April 2012
Vulnerability Type: Cross-Site Scripting (XSS)
CVE Reference(s): CVE-2012-1835
Risk Level: Medium
Laser Jet P1505
Laser Jet 2100
Laser Jet 2200
Laser Jet 2300 / 2300L
Laser Jet 2410 / 2420 / 2430
Laser Jet 3015 All-in-one
Laser Jet 3020/3030 All-in-one
Laser Jet 3050Z All-in-one
Laser Jet 3380 All-in-one
Laser Jet M3035mfp
Laser Jet 4000
Laser Jet P1505
Laser Jet 2100
Laser Jet 2200
Laser Jet 2300 / 2300L
Laser Jet 2410 / 2420 / 2430
Laser Jet 3015 All-in-one
Laser Jet 3020/3030 All-in-one
Laser Jet 3050Z All-in-one
Laser Jet 3380 All-in-one
Laser Jet M3035mfp
Laser Jet 4000
> http://hostname-IP_Address/cgi-bin/exportfile/printer/config/secure/settingfile.ucf
>
> ============================================================================
>
> 4. Affected Products:
> Lexmark X656de multifunction printer (Kernel=FPR.APS.F184-0, Base=LR.MN.P224a-0)
> Other Lexmark and Dell branded Multifunction printers may also be vulnerable
Might this not have been fixed by the following change in firmware P311e2,
which was released in April 2010 and advertised as fixing various CVEs?
3) Security related UCF keys can now be imported/exported from the
============================================================================
Foofus.net Security Advisory: foofus-20111016
============================================================================
Title: Toshiba EStudio Multifunction Printer Authentication Bypass
Version: e-Studio series devices
Vendor: Toshiba
Release Date: 01/29/2010
Issue Status: Contacted by Vendor on 2/25/2011 about release of a firmware
patch.
============================================================================
High - Unauthorized document upload / File redirection / Uploading
of binaries / Overwriting of existing files
Summary:
Kyocera Mita multifunction devices come with the ability to scan to
the user's desktop. Part of the solution requires a listener at the
PC/Mac, which handles authorization and document upload. This listener
has several logic bugs and, as a result, the authorization can be
bypassed, files can be uploaded, auditing can be spoofed, and the
storage location can be altered from the configured value.
============================================================================
Foofus.net Security Advisory: foofus-20111026
============================================================================
Title: Toshiba eStudio Multifunction Printer Information Leakage
Version: e-Studio series devices
Vendor: Toshiba
Release Date: 01/29/2011
Update Date: 10/26/2011
============================================================================
Vendor description:
-------------------
WorkCentre 5665 / 5675 / 5687
High-speed performance, outstanding productivity and advanced
multifunction capabilities. These are the essentials of the all-in-one
offce powerhouse that easily handles the high-volume print demands of
large, busy workgroups. And with robust copying, scanning, faxing and a
host of innovative Xerox technologies, you get a total workfow solution
that excels at streamlining your unique job processes.
HP Photosmart Plus B210 series
HP Photosmart Premium C310 series
HP Photosmart Premium Fax All-in-One
HP Photosmart Premium C510 series
HP ENVY 100 D410 series
Potential Security Impact: Local unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could be exploited by a local user to gain unauthorized access to "Send to e-mail" and other functionality of an HP Multifunction Peripheral (MFP) controlled by the HP Digital Sending Software.
References: CVE-2010-1558
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP MFP Digital Sending Software prior to v4.18.3 running on Windows
=================
1) Introduction
=================
The Xerox WorkCentre 4150 multifunction is the affordable transition
to the next level of productivity
for your office. One easy-to-use device offers powerful printing,
copying, scanning, and faxing.
#####################################################################################
=================
Lexmark specializes in printers and printer accessories. Its current
range of products includes color and monochrome laser printers and
inkjet printers, both of which may include scanners (including
all-in-one devices with faxing and copying capabilities and photo
printers), and dot matrix printers. Lexmark was one of the first
companies to release wifi inkjet printers and the very first to
release printers with a web-enabled touchscreen, coming in early
September of 2009. They also offer a wide variety of laser printers
with software solutions for more professional printing environments.
Original URL:
http://securityreason.com/achievement_securityalert/71
- --- 0.Description ---
The SeaMonkey project is a community effort to develop the SeaMonkey all-in-one internet application suite (see below). Such a software suite was previously made popular by Netscape and Mozilla, and the SeaMonkey project continues to develop and deliver high-quality updates to this concept. Containing an Internet browser, email & newsgroup client with an included web feed reader, HTML editor, IRC chat and web development tools, SeaMonkey is sure to appeal to advanced users, web developers and corporate users.
- --- 1. SeaMonkey 1.1.18 Remote Array Overrun (Arbitrary code execution) ---
The main problem exist in dtoa implementation. SeaMonkey has the same dtoa as a KDE, Opera and all BSD systems. This issue has been fixed in Firefox 3.5.4 and fix
Where: Remote
======================================================================
3) Vendor's Description of Software
"Serv-U FTP Server is now offers an all-in-one file server solution
featuring a built in web transfer client, web based adminstration,
improved interface and more while still offering unparalleled security
and ease-of-use at the best price on the market.".
Product Link:
Potential Security Impact: Local unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could be exploited by a local user to gain unauthorized access to "Send to e-mail" and other functionality of an HP Multifunction Peripheral (MFP) controlled by the HP Digital Sending Software.
References: CVE-2010-1558
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP MFP Digital Sending Software prior to v4.18.3 running on Windows
introduction
------------
GOODFELLAS security research team has found a bug in a dll included in
at least the following HP products:
* HP All-in-One Series Web Release
* HP Photo & Imaging Gallery version 1.1
The affected dll is called hpqutil.dll at least in it's version
2.0.0.138 in English, and specifically the problem is a heap overflow
Next Page>>
|
