Lucene search
K

30 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:40 a.m.10 views

CVE-1999-0262

Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string...

7.5CVSS8AI score0.0907EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-3537

Malware in sbrugna...

7.5CVSS6.1AI score0.02477EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-28936

Malware in sbrugna...

6.8CVSS5.7AI score0.00494EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-7390

Malware in sbrugna...

7.8CVSS7.7AI score0.00387EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2005-3069

Malware in sbrugna...

2.1CVSS6.1AI score0.00383EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2004-1179

Malware in sbrugna...

7.5CVSS6.1AI score0.01779EPSS
Exploits0References9
NVD
NVD
added 2025/04/14 7:15 p.m.16 views

CVE-2025-1782

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

9.9CVSS0.00498EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2020/06/30 11:17 a.m.24 views

CVE-2020-15396

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...

7.8CVSS7.5AI score0.00387EPSS
Exploits1
CNVD
CNVD
added 2020/06/30 12:0 a.m.8 views

Unspecified Vulnerability in SUSE openSUSE hylafax+

openSUSE is a set of Linux-based free operating system and open source community project of the German SUSE company. hylafax+ is one of the fax server for Unix-like systems. A security vulnerability exists in SUSE openSUSE hylafax+, which stems from the program's failure to properly set default...

6.8CVSS6.7AI score0.00494EPSS
Exploits0References1
OSV
OSV
added 2005/12/31 5:0 a.m.2 views

DEBIAN-CVE-2005-3538

hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges...

7.5CVSS7.4AI score0.02477EPSS
Exploits0References1
OSV
OSV
added 2005/09/27 7:3 p.m.7 views

CVE-2005-3069

xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file...

6AI score
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2005/02/14 12:0 a.m.24 views

GLSA-200501-21 : HylaFAX: hfaxd unauthorized login vulnerability

The remote host is affected by the vulnerability described in GLSA-200501-21 HylaFAX: hfaxd unauthorized login vulnerability The code used by hfaxd to match a given username and hostname with an entry in the hosts.hfaxd file is insufficiently protected against malicious entries. Impact : If the...

7.5CVSS5.7AI score0.01779EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2005/01/19 5:0 a.m.39 views

CVE-2004-1182

hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted 1 username or 2 hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password...

7.5CVSS6.2AI score0.01779EPSS
Exploits0
securityvulns
securityvulns
added 2005/01/13 12:0 a.m.46 views

HylaFAX hfaxd unauthorized login vulnerability

HylaFAX security advisory 11 Jan 2005 Subject: HylaFAX hfaxd unauthorized login vulnerability Introduction: HylaFAX is a mature est. 1991 enterprise-class open-source software package for sending and receiving facsimiles as well as for sending alpha-numeric pages. It runs on a wide variety of...

7.5CVSS6.3AI score0.01779EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/01/13 12:0 a.m.21 views

Mandrake Linux Security Advisory : hylafax (MDKSA-2005:006)

Patrice Fournier discovered a vulnerability in the authorization sub-system of hylafax. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system. The updated packages are provided to prevent this issue. Note that the packages includ...

7.5CVSS5.4AI score0.01779EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/01/12 12:0 a.m.19 views

Debian DSA-634-1 : hylafax - weak hostname and username validation

Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system. Some installations of hylafax may actually utilise...

7.5CVSS5.4AI score0.01779EPSS
Exploits0References2
Debian
Debian
added 2005/01/11 5:2 p.m.32 views

[SECURITY] [DSA 634-1] New hylafax packages fix unauthorised access

-------------------------------------------------------------------------- Debian Security Advisory DSA 634-1 [email protected] http://www.debian.org/security/ Martin Schulze January 11th, 2005 http://www.debian.org/security/faq -...

7.5CVSS0.01779EPSS
Exploits0
Debian
Debian
added 2005/01/11 5:2 p.m.29 views

[SECURITY] [DSA 634-1] New hylafax packages fix unauthorised access

-------------------------------------------------------------------------- Debian Security Advisory DSA 634-1 [email protected] http://www.debian.org/security/ Martin Schulze January 11th, 2005 http://www.debian.org/security/faq -...

7.5CVSS5.7AI score0.01779EPSS
Exploits0
FreeBSD
FreeBSD
added 2005/01/11 12:0 a.m.38 views

hylafax -- unauthorized login vulnerability

A flaw in HylaFAX may allow an attacker to bypass normal authentication by spoofing their DNS PTR records...

7.5CVSS2.5AI score0.01779EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2004/12/31 5:0 a.m.19 views

CVE-2004-1182

hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted 1 username or 2 hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password...

7.5CVSS6AI score0.01779EPSS
Exploits0References1
Rows per page
Query Builder