Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and previous versions allow remote malicious users to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hylafax hylafax 4.1.1 |
||
hylafax hylafax 4.2 |
||
hylafax hylafax 4.2.1 |
||
hylafax hylafax 4.2.2 |
||
hylafax hylafax 4.2.3 |