Spamtitan
by Spamtitan
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11698 | Cri | 0.73 | 9.8 | 0.74 | Sep 17, 2020 | An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server. | ||
| CVE-2020-11804 | Hig | 0.61 | 8.8 | 0.07 | Sep 17, 2020 | An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request. | ||
| CVE-2020-11803 | Hig | 0.61 | 8.8 | 0.08 | Sep 17, 2020 | An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has… | ||
| CVE-2020-11699 | Hig | 0.61 | 8.8 | 0.10 | Sep 17, 2020 | An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page. | ||
| CVE-2020-11700 | Med | 0.46 | 6.5 | 0.07 | Sep 17, 2020 | An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page. | ||
| CVE-2020-35658 | Med | 0.34 | 5.3 | 0.01 | Dec 23, 2020 | SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. | ||
| CVE-2011-5150 | 0.03 | — | 0.01 | Aug 31, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than… | |||
| CVE-2011-5149 | 0.03 | — | 0.02 | Aug 31, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to… | |||
| CVE-2014-2965 | 0.00 | — | 0.03 | Jul 3, 2014 | Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter. |
- risk 0.73cvss 9.8epss 0.74
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.
- risk 0.61cvss 8.8epss 0.07
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.
- risk 0.61cvss 8.8epss 0.08
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has…
- risk 0.61cvss 8.8epss 0.10
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.
- risk 0.46cvss 6.5epss 0.07
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page.
- risk 0.34cvss 5.3epss 0.01
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
- CVE-2011-5150Aug 31, 2012risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than…
- CVE-2011-5149Aug 31, 2012risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to…
- CVE-2014-2965Jul 3, 2014risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter.