Security Information
Security Information
iFAX Solutions takes security seriously. We appreciate all security vulnerability reports. If you believe you discovered a security issue in our software products, please report it to our security team at security@ifax.com.
GPG Keys
The fingerprint for the master signing key used to sign all iFAX Solutions GPG Keys:
BEEF ED3D A6F3 C945 247D DCEF 89B6 4ECE AD60 AB0B
The fingerprint of GPG keys to contact our security teams:
security@ifax.com: CFCF 4581 09C8 51B2 BA14 232B BD94 F997 B8C6 ACDC
security@avantfax.com: 644C 736A C2DF 51C8 3FF2 0D59 B0CB B124 A6A7 84CA
security@hylafax.org: 9024 0BA2 77AE 878D 8C62 4882 0084 9FA9 64FB 31CE
The fingerprint of GPG keys used to sign our packages and other distributions:
AvantFAX distributions: F97A 4C7B EAA0 31DD EFDE 5D80 77E6 FF03 8103 770E
iFAX distributions: 6253 2E3E 58D0 8CB8 199E 5278 8F5A 7A5B DFCA F91C
CVE Advisories
| Date | ID | Systems affected | Versions | Versions Fixed | Description |
|---|---|---|---|---|---|
| 2025-04-09 | CVE-2025-1782 | HylaFAX Enterprise Web Interface AvantFAX | 1.3.0-1.3.1 1.2.0 0.* <= 3.4.0 | 1.3.2 1.2.1 --- 3.4.1 | Unsanitized language form field allowing remote code execution |
| 2020-06-15 | CVE-2020-15398 | HylaFAX Enterprise Web Interface AvantFAX | 0.2.0-0.2.5 <=3.3.6 | 0.2.6 3.3.7 | Unsanitized form field allowing SQL injection in archive.php |
| 2020-05-12 | CVE-2020-11766 | HylaFAX Enterprise Web Interface AvantFAX | 0.2.0-0.2.4 <= 3.3.5 | 0.2.5 3.3.6 | Unsanitized form field allowing remote code execution in sendfax.php |
