CVE-2019-19021
https://notcve.org/view.php?id=CVE-2019-19021
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.
• https://write-up.github.io/webtitan
• https://www.webtitan.com/resources/product-updates
• CWE-798: Use of Hard-coded Credentials
CVE-2019-19020
https://notcve.org/view.php?id=CVE-2019-19020
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.
• https://write-up.github.io/webtitan
• https://www.webtitan.com/resources/product-updates
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2019-19019
https://notcve.org/view.php?id=CVE-2019-19019
An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product.
• https://write-up.github.io/webtitan
• https://www.webtitan.com/resources/product-updates
• CWE-346: Origin Validation Error
CVE-2019-19018
https://notcve.org/view.php?id=CVE-2019-19018
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.
• https://write-up.github.io/webtitan
• https://www.webtitan.com/resources/product-updates
• CWE-552: Files or Directories Accessible to External Parties
CVE-2019-19017
https://notcve.org/view.php?id=CVE-2019-19017
An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.
• https://write-up.github.io/webtitan
• https://www.webtitan.com/resources/product-updates
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
• CWE-798: Use of Hard-coded Credentials