Xerox Security Bulletin XRX09-001 (PDF 74.2K)

A command injection vulnerability exists in the web server of the WorkCentre/WorkCentre Pro 232/238/245/255/265/275 and the WorkCentre 5632/5638/5645/5655/5665/5675/5687. If exploited, the vulnerability could allow remote attackers to execute arbitrary code via carefully crafted inputs on the affected web page. Customer and user passwords are not exposed.