what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write
Posted Sep 20, 2018
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2018-17141
MD5 | b13871247b7cf82557cf72c3c2ec0aa3

Related Files

Debian Security Advisory 4298-1
Posted Sep 21, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4298-1 - Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2018-17141
MD5 | 16d9fa9dc1088373f349597c035aafba
HylaFAX+ 5.5.3 Buffer Overflow
Posted Sep 30, 2013
Authored by Dennis Jenkins

HylaFAX+ versions 5.2.4 through 5.5.3 suffer from a buffer overflow vulnerability. The code path for authenticating users via LDAP allocates a 255-byte buffer (via the C++ "new" operator), and then "strcats" user-supplied data buffered from the inbound FTP control channel. Other code limits the amount of copied data to 506 bytes, and truncates on NULL and "\n". Thus it is possible for an unauthenticated remote attacker to overflow the heap with a limited character set.

tags | exploit, remote, overflow
advisories | CVE-2013-5680
MD5 | 41ce910c8b8e930012aa79b49c77d4fc
Secunia Security Advisory 22450
Posted Oct 18, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for capi4hylafax. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, gentoo
MD5 | 49dca5383a74774d9072094218d19826
Debian Linux Security Advisory 1165-1
Posted Sep 7, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1165-1 - Lionel Elie Mamane discovered a security vulnerability in capi4hylafax, tools for faxing over a CAPI 2.0 device, that allows remote attackers to execute arbitrary commands on the fax receiving system.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2006-3126
MD5 | ca6e43250bce8c0a042c5cccd794d08c
Secunia Security Advisory 21722
Posted Sep 6, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an advisory for capi4hylafax. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, debian
MD5 | e68ecc98e9a3ce4a72ab427464b6b02a
Secunia Security Advisory 21726
Posted Sep 6, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Capi4Hylafax, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 4f0a5751666bdb37d4102919e5140a63
capi4hylafax.txt
Posted Mar 9, 2006
Authored by DrFrancky

capi4hylafax version 01.03.00 is susceptible to a symbolic link creation vulnerability.

tags | advisory
MD5 | 2489f487fa9ebab1f038e1db3add250a
Secunia Security Advisory 18489
Posted Jan 19, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandrake has issued an update for hylafax. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, mandrake
MD5 | 57aec1b62257e40b2a22b20613e0fd8d
Secunia Security Advisory 18366
Posted Jan 11, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for hylafax. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
systems | linux, debian
MD5 | be49d560f16e4f2e3c2ff4e3ce88fbee
Debian Linux Security Advisory 933-1
Posted Jan 10, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 933-1 - Patrice Fournier found that hylafax passes unsanitized user data in the notify script, allowing users with the ability to submit jobs to run arbitrary commands with the privileges of the hylafax server.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2005-3539
MD5 | 712032eac539837fc10550dcf7e10e27
Gentoo Linux Security Advisory 200601-3
Posted Jan 8, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200601-03 - Patrice Fournier discovered that HylaFAX runs the notify script on untrusted user input. Furthermore, users can log in without a password when HylaFAX is installed with the pam USE-flag disabled. Versions less than 4.2.3-r1 are affected.

tags | advisory
systems | linux, gentoo
MD5 | 83ffe9f2f439954f90015fa3ca4bd7b0
HylaFAX-01042006.txt
Posted Jan 8, 2006
Site hylafax.org

HylaFAX version 4.2.3 hfaxd will allow any password when compiled with PAM support disabled. Also, the HylaFAX notify script passes unsanitised user-supplied data to eval, allowing remote attackers to execute arbitrary commands. The data needs to be part of a submitted job and as such, attackers must have access to submit faxes to the server in order to exploit this vulnerability. HylaFAX versions 4.2.0 up to 4.2.3 are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2005-3538, CVE-2005-3539
MD5 | 8a3b8f358614fd4bcfe2524b08e7bcdb
Secunia Security Advisory 18314
Posted Jan 6, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported HylaFAX, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to compromise a vulnerable system.

tags | advisory, vulnerability
MD5 | 7edd89a4f7d55afd5d8dde9f647bc027
Secunia Security Advisory 18337
Posted Jan 6, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for hylafax. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, gentoo
MD5 | ebe647dd904128c7e93349289033189c
Secunia Security Advisory 17187
Posted Oct 14, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for hylafax. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

tags | advisory, local
systems | linux, debian
MD5 | 9413943a731a665d0ed39820284c0140
Debian Linux Security Advisory 865-1
Posted Oct 13, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 865-1 - Javier Fernandez-Sanguino Pena discovered that several scripts of the hylafax suite, a flexible client/server fax software, create temporary files and directories in an insecure fashion, leaving them vulnerable to symlink exploits.

tags | advisory
systems | linux, debian
advisories | CVE-2005-3069
MD5 | bd9774f15cc04cb1ccd51339b97c2e33
Secunia Security Advisory 17107
Posted Oct 11, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for hylafax. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

tags | advisory, local
systems | linux, mandriva
MD5 | 5d4d60f4f588e76a561921dfadba2bba
Mandriva Linux Security Advisory 2005.177
Posted Oct 8, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - faxcron, recvstats, and xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. In addition, HylaFax has some provisional support for Unix domain sockets, which is disabled in the default compile configuration. It is suspected that a local user could create a fake /tmp/hyla.unix socket and intercept fax traffic via this socket. In testing for this vulnerability, with CONFIG_UNIXTRANSPORT disabled, it has been found that client programs correctly exit before sending any data.

tags | advisory, arbitrary, local
systems | linux, unix, mandriva
advisories | CVE-2005-3069, CVE-2005-3070
MD5 | f70de58de1767b2c301398491890e53e
Gentoo Linux Security Advisory 200509-21
Posted Oct 4, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200509-21 - Javier Fernandez-Sanguino has discovered that xferfaxstats cron script supplied by Hylafax insecurely creates temporary files with predictable filenames. Versions less than 4.2.2 are affected.

tags | advisory
systems | linux, gentoo
MD5 | cf5fa0f9a8346e46178ebc82c47f8fb6
Secunia Security Advisory 16906
Posted Sep 23, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Javier Fernandez-Sanguino Pena has reported a vulnerability in HylaFAX, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

tags | advisory, local
MD5 | be0d3cc7c7d2ae8a3579bc5f1efad8bc
hylafax.txt
Posted Jan 12, 2005
Site hylafax.org

HylaFAX hfaxd versions as far back as 4.0pl0 are vulnerable to unauthorized remote access when there are hosts.hfaxd entries without passwords.

tags | advisory, remote
MD5 | c38d1ea4d55a01190810d40602056243
iss.summary.6.6
Posted May 16, 2001
Site xforce.iss.net

ISS Security Alert Summary for May 10, 2001 - Volume 6 Number 6. 120 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: thebat-masked-file-type, php-nuke-url-redirect, orinoco-rg1000-wep-key, navision-server-dos, ustorekeeper-retrieve-files, resin-view-javabean, bpftp-obtain-credentials, ntpd-remote-bo, cisco-css-elevate-privileges, bea-tuxedo-remote-access, ultimatebb-bypass-authentication, bintec-x4000-nmap-dos, firebox-kernel-dos, cisco-pix-tacacs-dos, ipfilter-access-ports, veritas-netbackup-nc-dos, nai-pgp-split-keys, solaris-kcms-command-bo, talkback-cgi-read-files, ftp-glob-implementation, pine-tmp-file-symlink, ftp-glob-expansion, netscape-javascript-access-data, strip-weak-passwords, solaris-xsun-home-bo, compaq-activex-dos, alcatel-expert-account, alcatel-tftp-lan-access, alcatel-tftp-wan-access, oracle-appserver-ndwfn4-bo, alcatel-blank-password, solaris-dtsession-bo, solaris-kcssunwiosolf-bo, lightwave-consoleserver-brute-force, nph-maillist-execute-code, ghost-configuration-server-dos, lotus-domino-device-dos, lotus-domino-header-dos, lotus-domino-url-dos, lotus-domino-corba-dos, ghost-database-engine-dos, cfingerd-remote-format-string, lotus-domino-unicode-dos, mkpasswd-weak-passwords, solaris-ipcs-bo, interscan-viruswall-isadmin-bo, hylafax-hfaxd-format-string, cisco-vpn-ip-dos, ibm-websphere-reveals-path, qpc-ftpd-bo, qpc-ftpd-directory-traversal, qpc-popd-bo, ncm-content-database-access, netscape-smartdownload-sdph20-bo, sco-openserver-accept-bo, sco-openserver-cancel-bo, sco-openserver-disable-bo, sco-openserver-enable-bo, sco-openserver-lp-bo, sco-openserver-lpfilter-bo, sco-openserver-lpstat-bo, sco-openserver-reject-bo, sco-openserver-rmail-bo, sco-openserver-tput-bo, ibm-websphere-macro-dos, sco-openserver-lpmove-bo, reliant-unix-ppd-symlink, exuberant-ctags-symlink, processit-cgi-view-info, isa-web-proxy-dos, ie-clsid-execute-files, cisco-catalyst-8021x-dos, bubblemon-elevate-privileges, dcforum-az-directory-traversal, dcforum-az-file-upload, dcforum-az-expr, linux-netfilter-iptables, xitami-server-dos, samba-tmpfile-symlink, goahead-aux-dos, analogx-simpleserver-aux-dos, viking-hex-directory-traversal, solaris-ftp-shadow-recovery, thebat-pop3-dos, eudora-plain-text-attachment, vmware-mount-symlink, kfm-tmpfile-symlink, cyberscheduler-timezone-bo, ms-dacipp-webdav-access, oracle-tnslsnr80-dos, innfeed-c-bo, iplanet-calendar-plaintext-password, nedit-print-symlink, checkbo-tcp-bo, hp-pcltotiff-insecure-permissions, netopia-timbuktu-gain-access, cisco-cbos-gain-information, ie-xml-stylesheets-scripting, gftp-format-string, bordermanager-vpn-syn-dos, saft-sendfiled-execute-code, mercury-mta-bo, qnx-fat-file-read, viking-dot-directory-traversal, netcruiser-server-path-disclosure, perl-webserver-directory-traversal, small-http-aux-dos, ipswitch-imail-smtp-bo, kerberos-inject-base64-encode, irix-netprint-shared-library, webxq-dot-directory-traversal, raidenftpd-dot-directory-traversal, perlcal-calmake-directory-traversal, icq-webfront-dos, alex-ftp-directory-traversal, webweaver-ftp-path-disclosure, webweaver-web-directory-traversal, winamp-aip-bo, bearshare-dot-download-files, and iis-isapi-bo.

tags | remote, web, kernel, cgi, perl, php, javascript, tcp, vulnerability, activex
systems | cisco, linux, unix, solaris, irix
MD5 | 358149138360bf4d1ae5e25e561405cc
hfaxd-fs-exploit.pl
Posted Apr 25, 2001
Authored by Telehor | Site teleh0r.cjb.net

Hylafax (/usr/libexec/fax/hfaxd) format string local root exploit. Tested on hylafax-4.0pl2-2.

tags | exploit, local, root
MD5 | 58b40d4fd0e65019435163abc426cf3b
FreeBSD Security Advisory 2001.34
Posted Apr 25, 2001
Authored by The FreeBSD Project | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-01:34 - The hylafax port, versions prior to hylafax-4.1.b2_2, contains a format string bug in the hfaxd program. A local user may execute the hfaxd program with command-line arguments containing format string characters, gaining root privileges on the local system.

tags | local, root
systems | freebsd
MD5 | 36f4e44196ff626f346ead7a6cccca5b
x11amp.txt
Posted Apr 19, 2000
Authored by Grampa Elite

Vulnerability: Any user can overwrite any file in the system with x11amp ver .70.

tags | exploit
MD5 | 6a3502236ea9eb76b2781d450922a5bb
Page 1 of 4
Back1234Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close