CVE-2010-4107
published 2010-11-17CVE-2010-4107: The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and…
PriorityP354high7.8CVSS 2.0
AVNACLAuNCCINAN
EXPLOIT
EPSS
13.13%
95.9th percentile
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal
exploitdb·2014-04-23·CVSS 7.8
CVE-2010-4107 [HIGH] HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal
HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal
---
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
my $host = $ARGV[0];
# Exploit Title: HP Laser Jet Persistent Javascript Cross Site Scripting via PJL
# Google Dork: n/a
# Date: 4/22/14
# Exploit Author: @0x00string
# Vendor Homepage: http://www.hp.com/products1/laserjetprinters/
# Software Link: n/a
# Version: HP LaserJet P/M xxxx (LaserJets with network conectivity, PJL and onboard storage)
# Tested on: P4015n, P2035n, P4014, M3035 MFP, CP 3525, etc.
# CVE : CVE-2010-4107,
# This script will infect all pages on HP laserjets which include ews_functions.js by appending javascript to the ews_functions.js file by leveraging the PJL Directory Traversal
print "\t _______ __ __ ______
Exploit-DB
HP JetDirect PJL - Interface Universal Directory Traversal (Metasploit)
exploitdb·2011-08-07
CVE-2010-4107 HP JetDirect PJL - Interface Universal Directory Traversal (Metasploit)
HP JetDirect PJL - Interface Universal Directory Traversal (Metasploit)
---
# Exploit Title: HP JetDirect PJL Interface Universal Path Traversal
# Date: Aug 7, 2011
# Author: Myo Soe
# Software Link: http://www.hp.com
# Version: All
# Tested on: HP LaserJet Pxxxx Series
##
# $Id: $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
##
# Sample Output:
#
#
# msf auxiliary(hp_printer_pjl_traversal) > show options
#
# Module options (auxiliary/admin/hp_printer_pjl_traversal):
#
# Name Current Setting Required Description
# ---- --------------- -------- -----------
# INTERACTIVE fals
Exploit-DB
HP JetDirect PJL - Query Execution (Metasploit)
exploitdb·2011-08-07
CVE-2010-4107 HP JetDirect PJL - Query Execution (Metasploit)
HP JetDirect PJL - Query Execution (Metasploit)
---
# Exploit Title: HP JetDirect PJL Query Execution
# Date: Aug 7, 2011
# Author: Myo Soe
# Software Link: http://www.hp.com
# Version: All
# Tested on: HP LaserJet Pxxxx Series
##
# $Id: $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
##
# Sample Output:
#
#
# msf auxiliary(hp_printer_pjl_cmd) > show options
#
# Module options (auxiliary/admin/hp_printer_pjl_cmd):
#
# Name Current Setting Required Description
# ---- --------------- -------- -----------
# CMD FSUPLOAD NAME="0:/../../../etc/passwd" OFFSET=0 SIZE=999 yes PJL Co
Exploit-DB
HP LaserJet - Directory Traversal in PJL Interface
exploitdb·2010-11-29
CVE-2010-4107 HP LaserJet - Directory Traversal in PJL Interface
HP LaserJet - Directory Traversal in PJL Interface
---
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2010.003 16-Nov-2010
Vendor: Hewlett-Packard, http://www.hp.com
Affected Products: Various HP LaserJet MFP devices
(See HP advisory [3] for the complete list)
Vulnerability: Directory Traversal in PJL interface
Risk: HIGH
Vendor communication:
2009/11/25 Initial notification of Hewlett-Packard
2009/11/25 HP confirms receival of advisory
2010/02/05 n.runs AG requests update on the reported issue
2010/02/05 HP notifies n.runs AG that an advisory is in preparation
2010/11/15 Publication of HP advisory
Overview:
The Printer Job Language (PJL) was developed by Hewlett-Packard to
provide a method for switching printer languages at the job level
and for status exchange bet
http://secunia.com/advisories/42238http://securityreason.com/securityalert/8328http://securitytracker.com/id?1024741http://www.exploit-db.com/exploits/15631http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdfhttp://www.securityfocus.com/bid/44882http://www.vupen.com/english/advisories/2010/2987https://exchange.xforce.ibmcloud.com/vulnerabilities/63261http://secunia.com/advisories/42238http://securityreason.com/securityalert/8328http://securitytracker.com/id?1024741http://www.exploit-db.com/exploits/15631http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02004333http://www.nruns.com/_downloads/SA-2010%20003-Hewlett-Packard.pdfhttp://www.securityfocus.com/bid/44882http://www.vupen.com/english/advisories/2010/2987https://exchange.xforce.ibmcloud.com/vulnerabilities/63261
2010-11-17
Published