6 results (0.003 seconds)

CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0

HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384 http://secunia.com/advisories/17107 http://www.mandriva.com/security/advisories?name=MDKSA-2005:177 http://www.securityfocus.com/bid/15043 •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password. • http://marc.info/?l=bugtraq&m=110546971307585&w=2 http://marc.info/?l=hylafax&m=110545119911558&w=2 http://secunia.com/advisories/13812 http://security.gentoo.org/glsa/glsa-200501-21.xml http://www.debian.org/security/2004/dsa-634 http://www.mandriva.com/security/advisories?name=MDKSA-2005:006 •

CVSS: 10.0EPSS: 13%CPEs: 7EXPL: 1

Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code. Vulnerabilidad de cadena de formato en Hylafax 4.1.7 y anteriores permite a atacantes remotos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/23371 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000783 http://marc.info/?l=bugtraq&m=106858898708752&w=2 http://www.debian.org/security/2003/dsa-401 http://www.mandriva.com/security/advisories?name=MDKSA-2003:105 http://www.novell.com/linux/security/advisories/2003_045_hylafax.html •

CVSS: 7.5EPSS: 7%CPEs: 10EXPL: 0

Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data. • http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=312 http://www.debian.org/security/2002/dsa-148 http://www.iss.net/security_center/static/9729.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:055 http://www.novell.com/linux/security/advisories/2002_035_hylafax.html http://www.securityfocus.com/bid/5349 •

CVSS: 5.0EPSS: 3%CPEs: 10EXPL: 0

Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element. • http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300 http://www.debian.org/security/2002/dsa-148 http://www.iss.net/security_center/static/9728.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:055 http://www.novell.com/linux/security/advisories/2002_035_hylafax.html http://www.osvdb.org/5002 http://www.securityfocus.com/bid/5348 •