4 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. SpamTitan anterior a la versión 7.09 permite a los atacantes manipular las copias de seguridad, porque las copias de seguridad no están encriptadas. • https://docs.titanhq.com/en/13161-spamtitan-release-notes.html https://secator.pl/index.php/2020/12/23/cve-2020-35658 • CWE-312: Cleartext Storage of Sensitive Information CWE-552: Files or Directories Accessible to External Parties •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application. TitanHQ SpamTitan, en versiones anteriores a la 7.01, tiene una validación de entradas incorrecta. Esto permite a los atacantes internos omitir el filtro antispam para enviar correos maliciosos a todo el personal de una determinada organización modificando las peticiones URL enviadas a la aplicación. • https://www.fwhibbit.es/bypassing-spam-titan-my-first-cve • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter. Vulnerabilidad de XSS en auth-settings-x.php en SpamTitan anterior a 6.04 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro sortdir. • http://packetstormsecurity.com/files/127184/SpamTitan-6.01-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2014/Jun/113 http://www.kb.cert.org/vuls/id/849500 http://www.securityfocus.com/bid/68143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en SpamTitan v5.08 y anteriores permite a atacantes remotos o usuarios autenticados inyectar secuencias de comandos web o HTML a través de los parámetros (1) testaddr or (2) testpass de setup-network.phpauth-settings.php; los parámetros (3) hostname, (4) domainname, o (5) mailserver de setup-relay.php; o los parámetros (6) subnetmask o (7) defaultroute de setup-network.php. • https://www.exploit-db.com/exploits/18261 http://osvdb.org/77987 http://osvdb.org/77988 http://osvdb.org/77989 http://secunia.com/advisories/47309 http://www.exploit-db.com/exploits/18261 http://www.vulnerability-lab.com/get_content.php?id=91 https://exchange.xforce.ibmcloud.com/vulnerabilities/71942 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •