22 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-15396
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could...
CVE-2025-1782
In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...
CVE-2025-1782 Unsanitized input in language form field
In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...
CVE-2025-1782
CVE-2025-1782 affects HylaFAX Enterprise Web Interface and AvantFAX. The vulnerability arises from an unsanitized language form element that can be abused to include an arbitrary file in PHP code, enabling an authenticated attacker to perform actions as the web server user. The available document...
编号撤回
iFAX AvantFAX and iFAX HylaFAX Enterprise Web Interface are both products of iFAX Corporation. iFAX AvantFAX is a Web application that allows users to view and send faxes on any platform without the need to install special software. iFAX HylaFAX Enterprise Web Interface is a web-based application...
PT-2025-16262
Name of the Vulnerable Software and Affected Versions HylaFAX Enterprise Web Interface and AvantFAX affected versions not specified Description The language form element in HylaFAX Enterprise Web Interface and AvantFAX is not properly sanitized before being used, allowing an attacker to include a...
SUSE CVE-2020-15397
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...
Unspecified Vulnerability in iFAX Solutions HylaFAX+ and HylaFAX Enterprise
iFAX Solutions HylaFAX+ is an open source, enterprise-class send and receive fax system from iFAX Solutions, Inc. The system provides fax functionality for users on a local area network.HylaFAX Enterprise is the commercial version. A security vulnerability exists in iFAX Solutions HylaFAX+ 7.0.2...
CVE-2020-15397
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...
DEBIAN-CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
ALPINE-CVE-2020-15397
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...
CVE-2020-15397
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...
CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
CVE-2020-15397
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...
CVE-2020-15397
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...
CVE-2020-15397
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...
CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
CVE-2020-11766
sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection...