2 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. El archivo sendfax.php en iFAX AvantFAX versiones anteriores a 3.3.6 e HylaFAX Enterprise Web Interface versiones anteriores a 0.2.5, permite una Inyección de Comandos autenticada. • ftp://ftp.ifax.com/security/CVE-2020-11766.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0

HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384 http://secunia.com/advisories/17107 http://www.mandriva.com/security/advisories?name=MDKSA-2005:177 http://www.securityfocus.com/bid/15043 •