U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): FaxFinder
  • Search Type: Search All
  • Match: Exact
  • CPE Name Search: false
There are 2 matching records.
Displaying matches 1 through 2.
Vuln ID Summary CVSS Severity

Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.

Published: October 03, 2018; 4:29:16 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM

MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext.

Published: September 29, 2017; 9:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH