Xerox Security Bulletin XRX09-002 (PDF 73.9K)

A command injection vulnerability exists in the web server of the WorkCentre/WorkCentrePro 232/238/245/255/265/275, the WorkCentre 7655/7665/7675, and the WorkCentre 5632/5638/5645/5655/5675/5687. if exploited, the vulnerability could allow remote attackers to execute arbitrary code via carefully crafted inputs on the affected web page. Customer and user passwords are not exposed.