VYPR

Spamtitan

by Spamtitan

CVEs (9)

  • CVE-2020-11698CriSep 17, 2020
    risk 0.73cvss 9.8epss 0.74

    An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.

  • CVE-2020-11804HigSep 17, 2020
    risk 0.61cvss 8.8epss 0.07

    An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.

  • CVE-2020-11803HigSep 17, 2020
    risk 0.61cvss 8.8epss 0.08

    An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has…

  • CVE-2020-11699HigSep 17, 2020
    risk 0.61cvss 8.8epss 0.10

    An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.

  • CVE-2020-11700MedSep 17, 2020
    risk 0.46cvss 6.5epss 0.07

    An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page.

  • CVE-2020-35658MedDec 23, 2020
    risk 0.34cvss 5.3epss 0.01

    SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.

  • CVE-2011-5150Aug 31, 2012
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than…

  • CVE-2011-5149Aug 31, 2012
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to…

  • CVE-2014-2965Jul 3, 2014
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter.