CVSS: 10.0 | EPSS: 90% | CPEs: 1 | EXPL: 4

An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php allows a remote attacker to inject commands into the file snmpd.conf, which in turn allows command execution on the target server. SpamTitan version 7.07 suffers from an unauthenticated remote code execution vulnerability in snmp-x.php.

References:
• https://www.exploit-db.com/exploits/48856
• http://packetstormsecurity.com/files/159470/SpamTitan-7.07-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/160809/SpamTitan-7.07-Command-Injection.html
• https://github.com/felmoltor
• https://sensepost.com/blog/2020/clash-of-the-spamtitan
• https://twitter.com/felmoltor
• https://www.spamtitan.com

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.8 | EPSS: 2% | CPEs: 1 | EXPL: 3

An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.

References:
• https://www.exploit-db.com/exploits/48817
• http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html
• https://github.com/felmoltor
• https://sensepost.com/blog/2020/clash-of-the-spamtitan
• https://twitter.com/felmoltor
• https://www.spamtitan.com

CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 | EPSS: 1% | CPEs: 1 | EXPL: 3

An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to server-side PHP code evaluation, because the user-provided input is passed directly to the PHP eval() function. The user has to be authenticated on the web platform before interacting with the page.

References:
• https://www.exploit-db.com/exploits/48817
• http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html
• https://github.com/felmoltor
• https://sensepost.com/blog/2020/clash-of-the-spamtitan
• https://twitter.com/felmoltor
• https://www.spamtitan.com

CWE-94: Improper Control of Generation of Code ('Code Injection')