CVE-2006-6427: OS Command Injection
First published: Sun Dec 10 2006(Updated: )
The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xerox WorkCentre | =12.060.17.000 | |
| Xerox WorkCentre | =13.060.17.000 | |
| Xerox WorkCentre | =14.060.17.000 | |
| Xerox WorkCentre | =12.060.17.000 | |
| Xerox WorkCentre | =13.060.17.000 | |
| Xerox WorkCentre | =14.060.17.000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf
- http://securitytracker.com/id?1017337
- http://secunia.com/advisories/23265
- http://www.xerox.com/downloads/usa/en/c/cert_XRX06_007_v1.pdf
- http://www.securityfocus.com/bid/21365
- http://www.vupen.com/english/advisories/2006/4791
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30674
- collector/nvd-historical
- vendor/xerox
- product/workcentre
- canonical/xerox workcentre
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- version/xerox workcentre/12.060.17.000
- version/xerox workcentre/13.060.17.000
- version/xerox workcentre/14.060.17.000