CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2014-2965
https://notcve.org/view.php?id=CVE-2014-2965
Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter. Vulnerabilidad de XSS en auth-settings-x.php en SpamTitan anterior a 6.04 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro sortdir. • http://packetstormsecurity.com/files/127184/SpamTitan-6.01-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2014/Jun/113 http://www.kb.cert.org/vuls/id/849500 http://www.securityfocus.com/bid/68143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2011-4638
https://notcve.org/view.php?id=CVE-2011-4638
Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php. Múltiples vulnerabilidades de inyección SQL en SpamTitan WebTitan antes de v3.60 permite a atacantes remotos ejecutar comandos SQL a través de (1) el parámetro username a login-x.php, y permite a usuarios remotos autenticados ejecutar comandos SQL a través de el parámetro (2) bldomain ,(3) wldomain, o (4) temid a urls-x.php. • http://www.sec-1.com/blog/?p=211 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2011-4639
https://notcve.org/view.php?id=CVE-2011-4639
The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence. Las implementaciones (1) Traceroute y (2) Ping en tools.php en SpamTitan WebTitan anteiores a v3.60 permite a usuarios remotos autenticados ejecutar comandos a través de metacaracteres shell en el argumento, como se demostró con una secuencia && (ampersand, ampersand). • http://www.sec-1.com/blog/?p=211 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 2CVE-2011-4640 – WebTitan - 'logs-x.php' Directory Traversal
https://notcve.org/view.php?id=CVE-2011-4640
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action. Vulnerabilidad de salto de directorio en logs-x.php en SpamTitan WebTitan anteriores a v3.60, permite a usuarios remotos autenticados leer ficheros locales de su elección al utilizar caracteres .. (punto punto) en el parámetro fname en una acción view. • https://www.exploit-db.com/exploits/37943 http://www.sec-1.com/blog/?p=211 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2011-5149 – SpamTitan 5.08 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-5149
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en SpamTitan v5.08 y anteriores permite a atacantes remotos o usuarios autenticados inyectar secuencias de comandos web o HTML a través de los parámetros (1) testaddr or (2) testpass de setup-network.phpauth-settings.php; los parámetros (3) hostname, (4) domainname, o (5) mailserver de setup-relay.php; o los parámetros (6) subnetmask o (7) defaultroute de setup-network.php. • https://www.exploit-db.com/exploits/18261 http://osvdb.org/77987 http://osvdb.org/77988 http://osvdb.org/77989 http://secunia.com/advisories/47309 http://www.exploit-db.com/exploits/18261 http://www.vulnerability-lab.com/get_content.php?id=91 https://exchange.xforce.ibmcloud.com/vulnerabilities/71942 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •