Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hylafax hylafax vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-1999-1340
Buffer overflow in faxalter in hylafax 4.0.2 allows local users to gain privileges via a long -m command line argument.
Hylafax Hylafax 4.0.2
1 EDB exploit
2.1
CVSSv2
CVE-2005-3069
xferfaxstats in HylaFax 4.2.1 and previous versions allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.
Hylafax Hylafax 4.2.1
7.2
CVSSv2
CVE-2020-15396
In HylaFAX+ up to and including 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
Hylafax\\+ Project Hylafax\\+
Ifax Hylafax Enterprise -
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
6.8
CVSSv2
CVE-2020-8024
A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local malicious users to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versio...
Opensuse Hylafax\\+
6.5
CVSSv2
CVE-2020-11766
sendfax.php in iFAX AvantFAX prior to 3.3.6 and HylaFAX Enterprise Web Interface prior to 0.2.5 allows authenticated Command Injection.
Ifax Hylafax
Avantfax Avantfax
7.5
CVSSv2
CVE-2005-3538
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote malicious users to gain privileges.
Ifax Solutions Hylafax 4.2.3
NA
CVE-2130-5680
HylaFAX+ versions 5.2.4 through 5.5.3 suffer from a buffer overflow vulnerability. The code path for authenticating users via LDAP allocates a 255-byte buffer (via the C++ "new" operator), and then "strcats" user-supplied data buffered from the inbound FTP con...
7.5
CVSSv2
CVE-1999-0262
Hylafax faxsurvey CGI script on Linux allows remote malicious users to execute arbitrary commands via shell metacharacters in the query string.
Renaud Deraison Faxsurvey
1 EDB exploit
7.2
CVSSv2
CVE-2001-1034
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.
Freebsd Freebsd 4.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2