1 results (0.001 seconds)
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2005-3538 – HylaFAX-01042006.txt
https://notcve.org/view.php?id=CVE-2005-3538
31 Dec 2005 — hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges. HylaFAX version 4.2.3 hfaxd will allow any password when compiled with PAM support disabled. Also, the HylaFAX notify script passes unsanitised user-supplied data to eval, allowing remote attackers to execute arbitrary commands. The data needs to be part of a submitted job and as such, attackers must have access to submit faxes to the server in order to exploit this vulnerabil... • http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719 •