CVE-2005-3539
7.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.107 Low
EPSS
Percentile
95.0%
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
References
bugs.hylafax.org/bugzilla/show_bug.cgi?id=719
secunia.com/advisories/18314
secunia.com/advisories/18337
secunia.com/advisories/18366
secunia.com/advisories/18489
www.debian.org/security/2005/dsa-933
www.gentoo.org/security/en/glsa/glsa-200601-03.xml
www.hylafax.org/content/HylaFAX_4.2.4_release
www.mandriva.com/security/advisories?name=MDKSA-2006:015
www.securityfocus.com/archive/1/420974/100/0/threaded
www.securityfocus.com/bid/16151
www.vupen.com/english/advisories/2006/0072
Related
7.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.107 Low
EPSS
Percentile
95.0%