Kyoceramita Scanner File Utility 3.3.0.1

CPE Details

Kyoceramita Scanner File Utility 3.3.0.1
kyoceramita
scanner_file_utility
3.3.0.1
2023-12-08
23h30 +00:00
2023-12-08
23h30 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:kyoceramita:scanner_file_utility:3.3.0.1:*:*:*:*:*:*:*

Informations

Vendor

kyoceramita

Product

scanner_file_utility

Version

3.3.0.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2008-7109 2009-08-28 13h00 +00:00 The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
9.8
Critical
CVE-2008-7110 2009-08-28 13h00 +00:00 Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to upload files to arbitrary locations via a .. (dot dot) in a request.
7.8
CVE-2008-7111 2009-08-28 13h00 +00:00 The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109.
9.3
CVE-2008-7112 2009-08-28 13h00 +00:00 The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to cause a denial of service (hang or crash) via invalid field length values in a malformed (1) document or (2) request.
5
CVE-2008-7113 2009-08-28 13h00 +00:00 The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote attackers to upload documents via a brute force attack.
6.4
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.