CVE-2019-19016
https://notcve.org/view.php?id=CVE-2019-19016
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database.
References: https://write-up.github.io/webtitan, https://www.webtitan.com/resources/product-updates
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-19015
https://notcve.org/view.php?id=CVE-2019-19015
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code.
References: https://write-up.github.io/webtitan, https://www.webtitan.com/resources/product-updates
CWE-668: Exposure of Resource to Wrong Sphere
CVE-2019-19014
https://notcve.org/view.php?id=CVE-2019-19014
An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.
References: https://write-up.github.io/webtitan, https://www.webtitan.com/resources/product-updates
CWE-269: Improper Privilege Management
CVE-2014-4306 – WebTitan 4.01 (Build 68) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4306
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.
References: https://www.exploit-db.com/exploits/33699, http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html, https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-4307 – WebTitan 4.01 (Build 68) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4307
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
References: https://www.exploit-db.com/exploits/33699, http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html, https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')