Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hylafax hylafax vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2004-1182
hfaxd in HylaFAX prior to 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote malicious users to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a...
Hylafax Hylafax 4.1.2
Hylafax Hylafax 4.1.3
Hylafax Hylafax 4.1 Beta3
Hylafax Hylafax 4.2.0
Hylafax Hylafax 4.1.7
Hylafax Hylafax 4.1.8
Hylafax Hylafax 4.1.5
Hylafax Hylafax 4.1.6
Hylafax Hylafax 4.1.1
Hylafax Hylafax 4.1 Beta1
Hylafax Hylafax 4.1 Beta2
5
CVSSv2
CVE-2002-1049
Format string vulnerability in HylaFAX faxgetty prior to 4.1.3 allows remote malicious users to cause a denial of service (crash) via the TSI data element.
Hylafax Hylafax 4.1 Beta3
Hylafax Hylafax 4.0 Pl0
Hylafax Hylafax 4.0 Pl1
Hylafax Hylafax 4.0 Pl2
Hylafax Hylafax 4.1
Hylafax Hylafax 4.1.2
Hylafax Hylafax 4.1 Beta2
Hylafax Hylafax 4.0.2
Hylafax Hylafax 4.1.1
Hylafax Hylafax 4.1 Beta1
7.5
CVSSv2
CVE-2002-1050
Buffer overflow in HylaFAX faxgetty prior to 4.1.3 allows remote malicious users to cause a denial of service, and possibly execute arbitrary code, via a long line of image data.
Hylafax Hylafax 4.0.2
Hylafax Hylafax 4.0 Pl0
Hylafax Hylafax 4.1.2
Hylafax Hylafax 4.1 Beta1
Hylafax Hylafax 4.1 Beta2
Hylafax Hylafax 4.1 Beta3
Hylafax Hylafax 4.0 Pl1
Hylafax Hylafax 4.1
Hylafax Hylafax 4.0 Pl2
Hylafax Hylafax 4.1.1
10
CVSSv2
CVE-2003-0886
Format string vulnerability in hfaxd for Hylafax 4.1.7 and previous versions allows remote malicious users to execute arbitrary code.
Hylafax Hylafax 4.1.1
Hylafax Hylafax 4.1.2
Hylafax Hylafax 4.1
Hylafax Hylafax 4.1.3
Hylafax Hylafax 4.1.5
Hylafax Hylafax 4.1.6
Hylafax Hylafax 4.1.7
1 EDB exploit
7.2
CVSSv2
CVE-2001-0387
Format string vulnerability in hfaxd in HylaFAX prior to 4.1.b2_2 allows local users to gain privileges via the -q command line argument.
Hylafax Hylafax 4.1 Beta2
Hylafax Hylafax 4.1 Beta3
Hylafax Hylafax 4.0 Pl0
Hylafax Hylafax 4.0 Pl1
Hylafax Hylafax 4.0 Pl2
Hylafax Hylafax 4.1 Beta1
7.5
CVSSv2
CVE-2005-3539
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and previous versions allow remote malicious users to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
Hylafax Hylafax 4.1.1
Hylafax Hylafax 4.2
Hylafax Hylafax 4.2.1
Hylafax Hylafax 4.2.2
Hylafax Hylafax 4.2.3
1 EDB exploit
6.8
CVSSv2
CVE-2013-5680
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 up to and including 5.5.3, when using LDAP authentication, might allow remote malicious users to cause a denial of service (child hang) or execute arbitrary code via a long USER command.
Lee Howard Hylafax\\+ 5.5.1
Lee Howard Hylafax\\+ 5.4.1
Lee Howard Hylafax\\+ 5.4.2
Lee Howard Hylafax\\+ 5.5.0
Lee Howard Hylafax\\+ 5.2.5
Lee Howard Hylafax\\+ 5.5.3
Lee Howard Hylafax\\+ 5.2.8
Lee Howard Hylafax\\+ 5.3.0
Lee Howard Hylafax\\+ 5.2.9
Lee Howard Hylafax\\+ 5.2.7
Lee Howard Hylafax\\+ 5.5.2
Lee Howard Hylafax\\+ 5.2.4
Lee Howard Hylafax\\+ 5.2.6
1 EDB exploit
7.2
CVSSv2
CVE-2020-15397
HylaFAX+ up to and including 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of...
Hylafax\\+ Project Hylafax\\+
Ifax Hylafax Enterprise -
3.6
CVSSv2
CVE-2005-3070
HylaFax 4.2.1 and previous versions does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file.
Hylafax Hylafax
7.5
CVSSv2
CVE-2018-17141
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote malicious users to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Hylafax Hylafax\\+ 5.6.0
Hylafax Hylafax 6.0.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »