30 matches found
CVE-1999-0262
Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string...
EUVD-2005-3537
Malware in sbrugna...
EUVD-2020-28936
Malware in sbrugna...
EUVD-2020-7390
Malware in sbrugna...
EUVD-2005-3069
Malware in sbrugna...
EUVD-2004-1179
Malware in sbrugna...
CVE-2025-1782
In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...
CVE-2020-15396
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...
Unspecified Vulnerability in SUSE openSUSE hylafax+
openSUSE is a set of Linux-based free operating system and open source community project of the German SUSE company. hylafax+ is one of the fax server for Unix-like systems. A security vulnerability exists in SUSE openSUSE hylafax+, which stems from the program's failure to properly set default...
DEBIAN-CVE-2005-3538
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges...
CVE-2005-3069
xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file...
GLSA-200501-21 : HylaFAX: hfaxd unauthorized login vulnerability
The remote host is affected by the vulnerability described in GLSA-200501-21 HylaFAX: hfaxd unauthorized login vulnerability The code used by hfaxd to match a given username and hostname with an entry in the hosts.hfaxd file is insufficiently protected against malicious entries. Impact : If the...
CVE-2004-1182
hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted 1 username or 2 hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password...
HylaFAX hfaxd unauthorized login vulnerability
HylaFAX security advisory 11 Jan 2005 Subject: HylaFAX hfaxd unauthorized login vulnerability Introduction: HylaFAX is a mature est. 1991 enterprise-class open-source software package for sending and receiving facsimiles as well as for sending alpha-numeric pages. It runs on a wide variety of...
Mandrake Linux Security Advisory : hylafax (MDKSA-2005:006)
Patrice Fournier discovered a vulnerability in the authorization sub-system of hylafax. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system. The updated packages are provided to prevent this issue. Note that the packages includ...
Debian DSA-634-1 : hylafax - weak hostname and username validation
Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system. Some installations of hylafax may actually utilise...
[SECURITY] [DSA 634-1] New hylafax packages fix unauthorised access
-------------------------------------------------------------------------- Debian Security Advisory DSA 634-1 [email protected] http://www.debian.org/security/ Martin Schulze January 11th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 634-1] New hylafax packages fix unauthorised access
-------------------------------------------------------------------------- Debian Security Advisory DSA 634-1 [email protected] http://www.debian.org/security/ Martin Schulze January 11th, 2005 http://www.debian.org/security/faq -...
hylafax -- unauthorized login vulnerability
A flaw in HylaFAX may allow an attacker to bypass normal authentication by spoofing their DNS PTR records...
CVE-2004-1182
hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted 1 username or 2 hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password...