7.5
CVE-2005-3539
- EPSS 12.65%
- Veröffentlicht 31.12.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:17:09
- CVE-Watchlists
- Unerledigt
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 12.65% | 0.957 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=719
http://secunia.com/advisories/18314
http://secunia.com/advisories/18337
http://secunia.com/advisories/18489
http://www.gentoo.org/security/en/glsa/glsa-200601-03.xml
http://www.hylafax.org/content/HylaFAX_4.2.4_release
http://www.mandriva.com/security/advisories?name=MDKSA-2006:015
http://www.securityfocus.com/archive/1/420974/100/0/threaded
http://www.vupen.com/english/advisories/2006/0072
http://secunia.com/advisories/18366
http://www.debian.org/security/2005/dsa-933
http://www.securityfocus.com/bid/16151