Julian Pawlowski: >> Capi4hylafax Security Vulnerabilities
c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number.
CVSS Score
7.5
EPSS Score
0.016
Published
2006-09-06
CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file.
CVSS Score
1.2
EPSS Score
0.001
Published
2006-03-14