Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hylafax hylafax vulnerabilities and exploits
(subscribe to this query)
187
VMScore
CVE-2005-3069
xferfaxstats in HylaFax 4.2.1 and previous versions allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.
Hylafax Hylafax 4.2.1
725
VMScore
CVE-1999-1340
Buffer overflow in faxalter in hylafax 4.0.2 allows local users to gain privileges via a long -m command line argument.
Hylafax Hylafax 4.0.2
1 EDB exploit
641
VMScore
CVE-2020-15396
In HylaFAX+ up to and including 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
Hylafax\\+ Project Hylafax\\+
Ifax Hylafax Enterprise -
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
605
VMScore
CVE-2020-8024
A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local malicious users to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versio...
Opensuse Hylafax\\+
668
VMScore
CVE-2005-3538
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote malicious users to gain privileges.
Ifax Solutions Hylafax 4.2.3
578
VMScore
CVE-2020-11766
sendfax.php in iFAX AvantFAX prior to 3.3.6 and HylaFAX Enterprise Web Interface prior to 0.2.5 allows authenticated Command Injection.
Ifax Hylafax
Avantfax Avantfax
NA
CVE-2130-5680
HylaFAX+ versions 5.2.4 through 5.5.3 suffer from a buffer overflow vulnerability. The code path for authenticating users via LDAP allocates a 255-byte buffer (via the C++ "new" operator), and then "strcats" user-supplied data buffered from the inbound FTP con...
755
VMScore
CVE-1999-0262
Hylafax faxsurvey CGI script on Linux allows remote malicious users to execute arbitrary commands via shell metacharacters in the query string.
Renaud Deraison Faxsurvey
1 EDB exploit
641
VMScore
CVE-2001-1034
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.
Freebsd Freebsd 4.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2