3 results (0.072 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. SpamTitan anterior a la versión 7.09 permite a los atacantes manipular las copias de seguridad, porque las copias de seguridad no están encriptadas. • https://docs.titanhq.com/en/13161-spamtitan-release-notes.html https://secator.pl/index.php/2020/12/23/cve-2020-35658 • CWE-312: Cleartext Storage of Sensitive Information CWE-552: Files or Directories Accessible to External Parties •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application. TitanHQ SpamTitan, en versiones anteriores a la 7.01, tiene una validación de entradas incorrecta. Esto permite a los atacantes internos omitir el filtro antispam para enviar correos maliciosos a todo el personal de una determinada organización modificando las peticiones URL enviadas a la aplicación. • https://www.fwhibbit.es/bypassing-spam-titan-my-first-cve • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter. Vulnerabilidad de XSS en auth-settings-x.php en SpamTitan anterior a 6.04 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro sortdir. • http://packetstormsecurity.com/files/127184/SpamTitan-6.01-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2014/Jun/113 http://www.kb.cert.org/vuls/id/849500 http://www.securityfocus.com/bid/68143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •