CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35658
https://notcve.org/view.php?id=CVE-2020-35658
23 Dec 2020 — SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. SpamTitan anterior a la versión 7.09 permite a los atacantes manipular las copias de seguridad, porque las copias de seguridad no están encriptadas. • https://docs.titanhq.com/en/13161-spamtitan-release-notes.html • CWE-312: Cleartext Storage of Sensitive Information CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 1CVE-2020-24046
https://notcve.org/view.php?id=CVE-2020-24046
17 Sep 2020 — A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able... • https://github.com/felmoltor • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2020-24045
https://notcve.org/view.php?id=CVE-2020-24045
17 Sep 2020 — A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-ins... • https://github.com/felmoltor • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.5EPSS: 12%CPEs: 1EXPL: 4CVE-2020-11700 – SpamTitan 7.07 - Remote Code Execution (Authenticated)
https://notcve.org/view.php?id=CVE-2020-11700
17 Sep 2020 — An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page. Se detectó un problema en Titan SpamTitan versión 7.07. Un saneamiento inapropiado del parámetro fname, utilizado en la página certs-x.php, permitiría a un atacante recuperar el contenido de archivos arbitrarios. • https://packetstorm.news/files/id/159218 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 16%CPEs: 1EXPL: 4CVE-2020-11699 – SpamTitan 7.07 - Remote Code Execution (Authenticated)
https://notcve.org/view.php?id=CVE-2020-11699
17 Sep 2020 — An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page. Se detectó un problema en Titan SpamTitan versión 7.07. Una comprobación inapropiada del parámetro fname en la página certs-x.php permitiría a un atacante ejecutar código remoto en el servidor de destino. • https://packetstorm.news/files/id/159218 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 83%CPEs: 1EXPL: 6CVE-2020-11698 – SpamTitan 7.07 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-11698
17 Sep 2020 — An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server. Se detectó un problema en Titan SpamTitan versión 7.07. Un saneamiento de entrada inapropiada del parámetro community en la página snmp-x.php permitiría a un atacante remoto inyectar comandos en el archivo snmpd.conf que permitiría ejecutar comando... • https://packetstorm.news/files/id/160809 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 4CVE-2020-11804 – SpamTitan 7.07 - Remote Code Execution (Authenticated)
https://notcve.org/view.php?id=CVE-2020-11804
17 Sep 2020 — An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request. Se detectó un problema en Titan SpamTitan versión 7.07. Debido a un saneamiento inapropiado del parámetro quid, utilizado en la página mailqueue.php, una inyección de código puede ocurrir. • https://packetstorm.news/files/id/159218 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 4CVE-2020-11803 – SpamTitan 7.07 - Remote Code Execution (Authenticated)
https://notcve.org/view.php?id=CVE-2020-11803
17 Sep 2020 — An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page. Se detectó un problema en Titan SpamTitan versión 7.07. Un saneamiento inapropiado del parámetro jaction cuando interactúa con la página mailqueue.php, p... • https://packetstorm.news/files/id/159218 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19021
https://notcve.org/view.php?id=CVE-2019-19021
02 Dec 2019 — An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account. Se detectó un problema en TitanHQ WebTitan versiones anteriores a 5.18. Presenta una cuenta de soporte oculta (con una contraseña embebida) en la interfaz de administración web, con privilegios de administrador. • https://write-up.github.io/webtitan • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 1CVE-2019-19020
https://notcve.org/view.php?id=CVE-2019-19020
02 Dec 2019 — An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account. Se detectó un problema en TitanHQ WebTitan versiones anteriores a 5.18. En la interfaz web de administración, es posible cargar un archivo de copia de seguridad diseñado q... • https://write-up.github.io/webtitan • CWE-434: Unrestricted Upload of File with Dangerous Type •