Titanhq Spamtitan vulnerabilities
10 known vulnerabilities affecting titanhq/spamtitan.
Total CVEs
10
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH6MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2020-11698P2CRITICALCVSS 9.8PoCv7.072020-09-17
CVE-2020-11698 [CRITICAL] CWE-77 CVE-2020-11698: An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter commun
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.
nvd
CVE-2020-11699P2HIGHCVSS 8.8PoCv7.072020-09-17
CVE-2020-11699 [HIGH] CWE-78 CVE-2020-11699: An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the p
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.
nvd
CVE-2020-11803P2HIGHCVSS 8.8PoCv7.072020-09-17
CVE-2020-11803 [HIGH] CWE-94 CVE-2020-11803: An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page.
nvd
CVE-2020-11804P2HIGHCVSS 8.8PoCv7.072020-09-17
CVE-2020-11804 [HIGH] CWE-94 CVE-2020-11804: An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid,
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.
nvd
CVE-2020-11700P3MEDIUMCVSS 6.5PoCv7.072020-09-17
CVE-2020-11700 [MEDIUM] CWE-22 CVE-2020-11700: An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page.
nvd
CVE-2019-6800P3HIGHCVSS 7.5≥ 7.00, ≤ 7.032019-06-05
CVE-2019-6800 [HIGH] CWE-74 CVE-2019-6800: In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.
nvd
CVE-2020-24046P3HIGHCVSS 7.2v7.072020-09-17
CVE-2020-24046 [HIGH] CWE-269 CVE-2020-24046: A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed thou
nvd
CVE-2020-24045P3HIGHCVSS 7.2v7.072020-09-17
CVE-2020-24045 [HIGH] CWE-345 CVE-2020-24045: A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should co
nvd
CVE-2018-15136P4MEDIUMCVSS 5.3fixed in 7.012019-01-30
CVE-2018-15136 [MEDIUM] CWE-20 CVE-2018-15136: TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypas
TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application.
nvd
CVE-2020-35658P4MEDIUMCVSS 5.3fixed in 7.092020-12-23
CVE-2020-35658 [MEDIUM] CWE-312 CVE-2020-35658: SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
nvd