Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hylafax vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-1999-1340
Buffer overflow in faxalter in hylafax 4.0.2 allows local users to gain privileges via a long -m command line argument.
Hylafax Hylafax 4.0.2
1 EDB exploit
2.1
CVSSv2
CVE-2005-3069
xferfaxstats in HylaFax 4.2.1 and previous versions allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.
Hylafax Hylafax 4.2.1
7.2
CVSSv2
CVE-2020-15396
In HylaFAX+ up to and including 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
Hylafax\\+ Project Hylafax\\+
Ifax Hylafax Enterprise -
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
6.8
CVSSv2
CVE-2020-8024
A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local malicious users to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versio...
Opensuse Hylafax\\+
7.5
CVSSv2
CVE-2005-3538
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote malicious users to gain privileges.
Ifax Solutions Hylafax 4.2.3
6.5
CVSSv2
CVE-2020-11766
sendfax.php in iFAX AvantFAX prior to 3.3.6 and HylaFAX Enterprise Web Interface prior to 0.2.5 allows authenticated Command Injection.
Ifax Hylafax
Avantfax Avantfax
NA
CVE-2130-5680
HylaFAX+ versions 5.2.4 through 5.5.3 suffer from a buffer overflow vulnerability. The code path for authenticating users via LDAP allocates a 255-byte buffer (via the C++ "new" operator), and then "strcats" user-supplied data buffered from the inbound FTP con...
7.5
CVSSv2
CVE-1999-0262
Hylafax faxsurvey CGI script on Linux allows remote malicious users to execute arbitrary commands via shell metacharacters in the query string.
Renaud Deraison Faxsurvey
1 EDB exploit
7.2
CVSSv2
CVE-2001-1034
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.
Freebsd Freebsd 4.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2