
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.

• https://write-up.github.io/webtitan
• https://www.webtitan.com/resources/product-updates
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code.

• https://write-up.github.io/webtitan
• https://www.webtitan.com/resources/product-updates
• CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.

• https://write-up.github.io/webtitan
• https://www.webtitan.com/resources/product-updates
• CWE-269: Improper Privilege Management

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature.

• http://dx.doi.org/10.14722/ndss.2017.23456
• https://jhalderm.com/pub/papers/interception-ndss17.pdf
• https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/security-impact-https-interception
• CWE-295: Improper Certificate Validation