Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Apr 16, 2026

CVE-2005-3539

Description

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.

Affected products

Hylafax/Hylafax5 versions
cpe:2.3:a:hylafax:hylafax:4.1.1:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:hylafax:hylafax:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:hylafax:hylafax:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:hylafax:hylafax:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:hylafax:hylafax:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:hylafax:hylafax:4.2.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18314nvdPatchVendor Advisory
secunia.com/advisories/18337nvdPatchVendor Advisory
www.gentoo.org/security/en/glsa/glsa-200601-03.xmlnvdPatchVendor Advisory
www.securityfocus.com/bid/16151nvdExploitPatch
bugs.hylafax.org/bugzilla/show_bug.cginvd
secunia.com/advisories/18366nvd
secunia.com/advisories/18489nvd
www.debian.org/security/2005/dsa-933nvd
www.hylafax.org/content/HylaFAX_4.2.4_releasenvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/archive/1/420974/100/0/threadednvd
www.vupen.com/english/advisories/2006/0072nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.025
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000