Vendor CVEs
Printerlogic
All CVEs
40 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4835 | Cri | 0.64 | 9.8 | 0.01 | Sep 15, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912 . | ||
| CVE-2017-20196 | Med | 0.41 | 6.3 | 0.00 | Jan 26, 2025 | A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely.… | ||
| CVE-2021-42949 | 0.03 | — | 0.06 | Sep 16, 2022 | The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks. | |||
| CVE-2021-42638 | 0.02 | — | 0.06 | Feb 1, 2022 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution. | |||
| CVE-2021-42635 | 0.02 | — | 0.06 | Jan 31, 2022 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution. | |||
| CVE-2021-42631 | 0.02 | — | 0.06 | Jan 31, 2022 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution. | |||
| CVE-2025-34222 | 0.00 | — | 0.00 | Sep 29, 2025 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/cert_upload, /admin/hp/cert_delete, /admin/certs/ca, and… | |||
| CVE-2025-34206 | 0.00 | — | 0.00 | Sep 19, 2025 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env,… | |||
| CVE-2025-27670 | 0.00 | — | 0.00 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Signature Validation OVE-20230524-0014. | |||
| CVE-2025-27685 | 0.00 | — | 0.00 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001. | |||
| CVE-2025-27667 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumeration OVE-20230524-0011. | |||
| CVE-2025-27672 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016. | |||
| CVE-2025-27666 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Authorization Checks OVE-20230524-0010. | |||
| CVE-2025-27651 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014. | |||
| CVE-2025-27671 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Device Impersonation OVE-20230524-0015. | |||
| CVE-2025-27673 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017. | |||
| CVE-2025-27669 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Network Scanning (XSPA)/DoS OVE-20230524-0013. | |||
| CVE-2025-27682 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005. | |||
| CVE-2025-27681 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004. | |||
| CVE-2025-27668 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012. | |||
| CVE-2025-27680 | 0.00 | — | 0.00 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004. | |||
| CVE-2025-27675 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Vulnerable OpenID Implementation V-2023-004. | |||
| CVE-2025-27674 | 0.00 | — | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006. | |||
| CVE-2025-1159 | 0.00 | — | 0.00 | Feb 10, 2025 | A vulnerability was found in CampCodes School Management Software 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academic-calendar. The manipulation leads to cross site scripting. The attack can be launched… | |||
| CVE-2025-0849 | 0.00 | — | 0.00 | Jan 30, 2025 | A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. It is possible to launch the attack… | |||
| CVE-2025-0710 | 0.00 | — | 0.00 | Jan 24, 2025 | A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /notice-list of the component Notice Board Page. The manipulation of the argument Notice leads to cross site scripting. It is… | |||
| CVE-2025-0625 | 0.00 | — | 0.00 | Jan 22, 2025 | A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the… | |||
| CVE-2025-0581 | 0.00 | — | 0.00 | Jan 20, 2025 | A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scripting. It is possible… | |||
| CVE-2025-0560 | 0.00 | — | 0.00 | Jan 18, 2025 | A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /photo-gallery of the component Photo Gallery Page. The manipulation of the argument Description leads to cross site… | |||
| CVE-2025-0559 | 0.00 | — | 0.00 | Jan 18, 2025 | A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to… | |||
| CVE-2021-42642 | 0.00 | — | 0.01 | Feb 2, 2022 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer. | |||
| CVE-2021-42641 | 0.00 | — | 0.02 | Feb 2, 2022 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. | |||
| CVE-2021-42640 | 0.00 | — | 0.02 | Feb 2, 2022 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. | |||
| CVE-2021-42639 | 0.00 | — | 0.01 | Feb 2, 2022 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization. | |||
| CVE-2021-42637 | 0.00 | — | 0.02 | Feb 2, 2022 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. | |||
| CVE-2021-42633 | 0.00 | — | 0.02 | Feb 2, 2022 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records. | |||
| CVE-2020-6872 | 0.00 | — | 0.01 | Jul 20, 2020 | The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects… | |||
| CVE-2018-5409 | 0.00 | — | 0.01 | May 8, 2019 | The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing,… | |||
| CVE-2019-9505 | 0.00 | — | 0.03 | May 8, 2019 | The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM… | |||
| CVE-2018-5408 | 0.00 | — | 0.01 | May 8, 2019 | The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity… |
- risk 0.64cvss 9.8epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912 .
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely.…
- CVE-2021-42949Sep 16, 2022risk 0.03cvss —epss 0.06
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.
- CVE-2021-42638Feb 1, 2022risk 0.02cvss —epss 0.06
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.
- CVE-2021-42635Jan 31, 2022risk 0.02cvss —epss 0.06
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.
- CVE-2021-42631Jan 31, 2022risk 0.02cvss —epss 0.06
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution.
- CVE-2025-34222Sep 29, 2025risk 0.00cvss —epss 0.00
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/cert_upload, /admin/hp/cert_delete, /admin/certs/ca, and…
- CVE-2025-34206Sep 19, 2025risk 0.00cvss —epss 0.00
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env,…
- CVE-2025-27670Mar 5, 2025risk 0.00cvss —epss 0.00
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Signature Validation OVE-20230524-0014.
- CVE-2025-27685Mar 5, 2025risk 0.00cvss —epss 0.00
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001.
- CVE-2025-27667Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumeration OVE-20230524-0011.
- CVE-2025-27672Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016.
- CVE-2025-27666Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Authorization Checks OVE-20230524-0010.
- CVE-2025-27651Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014.
- CVE-2025-27671Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Device Impersonation OVE-20230524-0015.
- CVE-2025-27673Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017.
- CVE-2025-27669Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Network Scanning (XSPA)/DoS OVE-20230524-0013.
- CVE-2025-27682Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005.
- CVE-2025-27681Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004.
- CVE-2025-27668Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012.
- CVE-2025-27680Mar 5, 2025risk 0.00cvss —epss 0.00
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004.
- CVE-2025-27675Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Vulnerable OpenID Implementation V-2023-004.
- CVE-2025-27674Mar 5, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006.
- CVE-2025-1159Feb 10, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in CampCodes School Management Software 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academic-calendar. The manipulation leads to cross site scripting. The attack can be launched…
- CVE-2025-0849Jan 30, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. It is possible to launch the attack…
- CVE-2025-0710Jan 24, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /notice-list of the component Notice Board Page. The manipulation of the argument Notice leads to cross site scripting. It is…
- CVE-2025-0625Jan 22, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the…
- CVE-2025-0581Jan 20, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scripting. It is possible…
- CVE-2025-0560Jan 18, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /photo-gallery of the component Photo Gallery Page. The manipulation of the argument Description leads to cross site…
- CVE-2025-0559Jan 18, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to…
- CVE-2021-42642Feb 2, 2022risk 0.00cvss —epss 0.01
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer.
- CVE-2021-42641Feb 2, 2022risk 0.00cvss —epss 0.02
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users.
- CVE-2021-42640Feb 2, 2022risk 0.00cvss —epss 0.02
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer.
- CVE-2021-42639Feb 2, 2022risk 0.00cvss —epss 0.01
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization.
- CVE-2021-42637Feb 2, 2022risk 0.00cvss —epss 0.02
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability.
- CVE-2021-42633Feb 2, 2022risk 0.00cvss —epss 0.02
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records.
- CVE-2020-6872Jul 20, 2020risk 0.00cvss —epss 0.01
The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute the predefined malicious script in the browser. This affects…
- CVE-2018-5409May 8, 2019risk 0.00cvss —epss 0.01
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing,…
- CVE-2019-9505May 8, 2019risk 0.00cvss —epss 0.03
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM…
- CVE-2018-5408May 8, 2019risk 0.00cvss —epss 0.01
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity…