VYPR
Vendor

Spamtitan

Products
2
CVEs
12
Across products
12
Status
Private

Products

2

Recent CVEs

12
  • CVE-2020-11698CriSep 17, 2020
    risk 0.73cvss 9.8epss 0.74

    An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.

  • CVE-2020-11804HigSep 17, 2020
    risk 0.61cvss 8.8epss 0.07

    An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.

  • CVE-2020-11803HigSep 17, 2020
    risk 0.61cvss 8.8epss 0.08

    An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has…

  • CVE-2020-11699HigSep 17, 2020
    risk 0.61cvss 8.8epss 0.10

    An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.

  • CVE-2020-11700MedSep 17, 2020
    risk 0.46cvss 6.5epss 0.07

    An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page.

  • CVE-2020-35658MedDec 23, 2020
    risk 0.34cvss 5.3epss 0.01

    SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.

  • CVE-2011-4640Oct 8, 2012
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.

  • CVE-2011-5150Aug 31, 2012
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than…

  • CVE-2011-5149Aug 31, 2012
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to…

  • CVE-2014-2965Jul 3, 2014
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter.

  • CVE-2011-4639Oct 8, 2012
    risk 0.00cvss epss 0.01

    The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence.

  • CVE-2011-4638Oct 8, 2012
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3)…