Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hylafax hylafax vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-1182
hfaxd in HylaFAX prior to 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote malicious users to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a...
Hylafax Hylafax 4.1.2
Hylafax Hylafax 4.1.3
Hylafax Hylafax 4.1 Beta3
Hylafax Hylafax 4.2.0
Hylafax Hylafax 4.1.7
Hylafax Hylafax 4.1.8
Hylafax Hylafax 4.1.5
Hylafax Hylafax 4.1.6
Hylafax Hylafax 4.1.1
Hylafax Hylafax 4.1 Beta1
Hylafax Hylafax 4.1 Beta2
NA
CVE-2002-1049
Format string vulnerability in HylaFAX faxgetty prior to 4.1.3 allows remote malicious users to cause a denial of service (crash) via the TSI data element.
Hylafax Hylafax 4.1 Beta3
Hylafax Hylafax 4.0 Pl0
Hylafax Hylafax 4.0 Pl1
Hylafax Hylafax 4.0 Pl2
Hylafax Hylafax 4.1
Hylafax Hylafax 4.1.2
Hylafax Hylafax 4.1 Beta2
Hylafax Hylafax 4.0.2
Hylafax Hylafax 4.1.1
Hylafax Hylafax 4.1 Beta1
NA
CVE-2002-1050
Buffer overflow in HylaFAX faxgetty prior to 4.1.3 allows remote malicious users to cause a denial of service, and possibly execute arbitrary code, via a long line of image data.
Hylafax Hylafax 4.0.2
Hylafax Hylafax 4.0 Pl0
Hylafax Hylafax 4.1.2
Hylafax Hylafax 4.1 Beta1
Hylafax Hylafax 4.1 Beta2
Hylafax Hylafax 4.1 Beta3
Hylafax Hylafax 4.0 Pl1
Hylafax Hylafax 4.1
Hylafax Hylafax 4.0 Pl2
Hylafax Hylafax 4.1.1
NA
CVE-2003-0886
Format string vulnerability in hfaxd for Hylafax 4.1.7 and previous versions allows remote malicious users to execute arbitrary code.
Hylafax Hylafax 4.1.1
Hylafax Hylafax 4.1.2
Hylafax Hylafax 4.1
Hylafax Hylafax 4.1.3
Hylafax Hylafax 4.1.5
Hylafax Hylafax 4.1.6
Hylafax Hylafax 4.1.7
1 EDB exploit
NA
CVE-2001-0387
Format string vulnerability in hfaxd in HylaFAX prior to 4.1.b2_2 allows local users to gain privileges via the -q command line argument.
Hylafax Hylafax 4.1 Beta2
Hylafax Hylafax 4.1 Beta3
Hylafax Hylafax 4.0 Pl0
Hylafax Hylafax 4.0 Pl1
Hylafax Hylafax 4.0 Pl2
Hylafax Hylafax 4.1 Beta1
NA
CVE-2005-3539
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and previous versions allow remote malicious users to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
Hylafax Hylafax 4.1.1
Hylafax Hylafax 4.2
Hylafax Hylafax 4.2.1
Hylafax Hylafax 4.2.2
Hylafax Hylafax 4.2.3
1 EDB exploit
NA
CVE-2013-5680
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 up to and including 5.5.3, when using LDAP authentication, might allow remote malicious users to cause a denial of service (child hang) or execute arbitrary code via a long USER command.
Lee Howard Hylafax\\+ 5.5.1
Lee Howard Hylafax\\+ 5.4.1
Lee Howard Hylafax\\+ 5.4.2
Lee Howard Hylafax\\+ 5.5.0
Lee Howard Hylafax\\+ 5.2.5
Lee Howard Hylafax\\+ 5.5.3
Lee Howard Hylafax\\+ 5.2.8
Lee Howard Hylafax\\+ 5.3.0
Lee Howard Hylafax\\+ 5.2.9
Lee Howard Hylafax\\+ 5.2.7
Lee Howard Hylafax\\+ 5.5.2
Lee Howard Hylafax\\+ 5.2.4
Lee Howard Hylafax\\+ 5.2.6
1 EDB exploit
7.8
CVSSv3
CVE-2020-15397
HylaFAX+ up to and including 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of...
Hylafax\\+ Project Hylafax\\+
Ifax Hylafax Enterprise -
NA
CVE-2005-3070
HylaFax 4.2.1 and previous versions does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file.
Hylafax Hylafax
9.8
CVSSv3
CVE-2018-17141
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote malicious users to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Hylafax Hylafax\\+ 5.6.0
Hylafax Hylafax 6.0.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »