CVE-2020-11698 – SpamTitan 7.07 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-11698
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server. Se detectó un problema en Titan SpamTitan versión 7.07. Un saneamiento de entrada inapropiada del parámetro community en la página snmp-x.php permitiría a un atacante remoto inyectar comandos en el archivo snmpd.conf que permitiría ejecutar comandos en el servidor de destino SpamTitan version 7.07 suffers from an unauthenticated remote code execution vulnerability in snmp-x.php. • https://www.exploit-db.com/exploits/48856 http://packetstormsecurity.com/files/159470/SpamTitan-7.07-Remote-Code-Execution.html http://packetstormsecurity.com/files/160809/SpamTitan-7.07-Command-Injection.html https://github.com/felmoltor https://sensepost.com/blog/2020/clash-of-the-spamtitan https://twitter.com/felmoltor https://www.spamtitan.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2020-11804 – SpamTitan 7.07 - Remote Code Execution (Authenticated)
https://notcve.org/view.php?id=CVE-2020-11804
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request. Se detectó un problema en Titan SpamTitan versión 7.07. Debido a un saneamiento inapropiado del parámetro quid, utilizado en la página mailqueue.php, una inyección de código puede ocurrir. • https://www.exploit-db.com/exploits/48817 http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html https://github.com/felmoltor https://sensepost.com/blog/2020/clash-of-the-spamtitan https://twitter.com/felmoltor https://www.spamtitan.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2020-11803 – SpamTitan 7.07 - Remote Code Execution (Authenticated)
https://notcve.org/view.php?id=CVE-2020-11803
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page. Se detectó un problema en Titan SpamTitan versión 7.07. Un saneamiento inapropiado del parámetro jaction cuando interactúa con la página mailqueue.php, podría conllevar a una evaluación del código PHP del lado del servidor, porque la entrada proporcionada por el usuario es pasada directamente a la función php eval(). • https://www.exploit-db.com/exploits/48817 http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html https://github.com/felmoltor https://sensepost.com/blog/2020/clash-of-the-spamtitan https://twitter.com/felmoltor https://www.spamtitan.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2019-19021
https://notcve.org/view.php?id=CVE-2019-19021
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account. Se detectó un problema en TitanHQ WebTitan versiones anteriores a 5.18. Presenta una cuenta de soporte oculta (con una contraseña embebida) en la interfaz de administración web, con privilegios de administrador. • https://write-up.github.io/webtitan https://www.webtitan.com/resources/product-updates • CWE-798: Use of Hard-coded Credentials •
CVE-2019-19020
https://notcve.org/view.php?id=CVE-2019-19020
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account. Se detectó un problema en TitanHQ WebTitan versiones anteriores a 5.18. En la interfaz web de administración, es posible cargar un archivo de copia de seguridad diseñado que permite a un atacante ejecutar código arbitrario al sobrescribir los archivos existentes o agregando nuevos archivos PHP bajo la root web. • https://write-up.github.io/webtitan https://www.webtitan.com/resources/product-updates • CWE-434: Unrestricted Upload of File with Dangerous Type •