CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 0CVE-2020-11766
https://notcve.org/view.php?id=CVE-2020-11766
19 May 2020 — sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. El archivo sendfax.php en iFAX AvantFAX versiones anteriores a 3.3.6 e HylaFAX Enterprise Web Interface versiones anteriores a 0.2.5, permite una Inyección de Comandos autenticada. • ftp://ftp.ifax.com/security/CVE-2020-11766.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3070
https://notcve.org/view.php?id=CVE-2005-3070
27 Sep 2005 — HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384 •