Lucene search
+L

22 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-15396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could...

7.8CVSS7AI score0.00384EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2025/04/14 7:15 p.m.16 views

CVE-2025-1782

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

9.9CVSS6AI score0.00517EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2025/04/14 6:41 p.m.9 views

CVE-2025-1782 Unsanitized input in language form field

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

9.9CVSS6AI score0.00517EPSS
Exploits0References1
CVE
CVE
added 2025/04/14 6:41 p.m.867 views

CVE-2025-1782

CVE-2025-1782 affects HylaFAX Enterprise Web Interface and AvantFAX. The vulnerability arises from an unsanitized language form element that can be abused to include an arbitrary file in PHP code, enabling an authenticated attacker to perform actions as the web server user. The available document...

9.9CVSS9.4AI score0.00517EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/14 12:0 a.m.3 views

编号撤回

iFAX AvantFAX and iFAX HylaFAX Enterprise Web Interface are both products of iFAX Corporation. iFAX AvantFAX is a Web application that allows users to view and send faxes on any platform without the need to install special software. iFAX HylaFAX Enterprise Web Interface is a web-based application...

6.6AI score0.00517EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/21 12:0 a.m.6 views

PT-2025-16262

Name of the Vulnerable Software and Affected Versions HylaFAX Enterprise Web Interface and AvantFAX affected versions not specified Description The language form element in HylaFAX Enterprise Web Interface and AvantFAX is not properly sanitized before being used, allowing an attacker to include a...

9.9CVSS5.9AI score0.00517EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.4 views

SUSE CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS7.9AI score0.00538EPSS
Exploits1References7
CNVD
CNVD
added 2020/07/01 12:0 a.m.8 views

Unspecified Vulnerability in iFAX Solutions HylaFAX+ and HylaFAX Enterprise

iFAX Solutions HylaFAX+ is an open source, enterprise-class send and receive fax system from iFAX Solutions, Inc. The system provides fax functionality for users on a local area network.HylaFAX Enterprise is the commercial version. A security vulnerability exists in iFAX Solutions HylaFAX+ 7.0.2...

7.8CVSS7.5AI score0.00538EPSS
Exploits1
NVD
NVD
added 2020/06/30 12:15 p.m.13 views

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS0.00538EPSS
Exploits1References9
OSV
OSV
added 2020/06/30 12:15 p.m.3 views

DEBIAN-CVE-2020-15396

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...

7.8CVSS7.6AI score0.00384EPSS
Exploits1References1
OSV
OSV
added 2020/06/30 12:15 p.m.3 views

ALPINE-CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS7.4AI score0.00538EPSS
Exploits1References1
OSV
OSV
added 2020/06/30 12:15 p.m.18 views

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS6.9AI score
Exploits0References9
OSV
OSV
added 2020/06/30 12:15 p.m.28 views

CVE-2020-15396

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...

7.8CVSS6.6AI score
Exploits0References9
UbuntuCve
UbuntuCve
added 2020/06/30 12:15 p.m.31 views

CVE-2020-15396

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...

7.8CVSS7.1AI score0.00384EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2020/06/30 12:15 p.m.26 views

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS7.3AI score0.00538EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/06/30 11:17 a.m.34 views

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.6AI score0.00538EPSS
Exploits1References9
Debian CVE
Debian CVE
added 2020/06/30 11:17 a.m.54 views

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

7.8CVSS7.9AI score0.00538EPSS
Exploits1
Cvelist
Cvelist
added 2020/06/30 11:17 a.m.39 views

CVE-2020-15396

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...

7.4AI score0.00384EPSS
Exploits1References9
Debian CVE
Debian CVE
added 2020/06/30 11:17 a.m.36 views

CVE-2020-15396

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...

7.8CVSS7.7AI score0.00384EPSS
Exploits1
NVD
NVD
added 2020/05/19 8:15 p.m.13 views

CVE-2020-11766

sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection...

8.8CVSS8.7AI score0.01846EPSS
Exploits0References1
Rows per page
Query Builder