Spamtitan
Products
2- 9 CVEs
- 3 CVEs
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11698 | Cri | 0.73 | 9.8 | 0.74 | Sep 17, 2020 | An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server. | ||
| CVE-2020-11804 | Hig | 0.61 | 8.8 | 0.07 | Sep 17, 2020 | An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request. | ||
| CVE-2020-11803 | Hig | 0.61 | 8.8 | 0.08 | Sep 17, 2020 | An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has… | ||
| CVE-2020-11699 | Hig | 0.61 | 8.8 | 0.10 | Sep 17, 2020 | An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page. | ||
| CVE-2020-11700 | Med | 0.46 | 6.5 | 0.07 | Sep 17, 2020 | An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page. | ||
| CVE-2020-35658 | Med | 0.34 | 5.3 | 0.01 | Dec 23, 2020 | SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. | ||
| CVE-2011-4640 | 0.04 | — | 0.07 | Oct 8, 2012 | Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action. | |||
| CVE-2011-5150 | 0.03 | — | 0.01 | Aug 31, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than… | |||
| CVE-2011-5149 | 0.03 | — | 0.02 | Aug 31, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to… | |||
| CVE-2014-2965 | 0.00 | — | 0.03 | Jul 3, 2014 | Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter. | |||
| CVE-2011-4639 | 0.00 | — | 0.01 | Oct 8, 2012 | The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence. | |||
| CVE-2011-4638 | 0.00 | — | 0.01 | Oct 8, 2012 | Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3)… |
- risk 0.73cvss 9.8epss 0.74
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.
- risk 0.61cvss 8.8epss 0.07
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.
- risk 0.61cvss 8.8epss 0.08
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has…
- risk 0.61cvss 8.8epss 0.10
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.
- risk 0.46cvss 6.5epss 0.07
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page.
- risk 0.34cvss 5.3epss 0.01
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
- CVE-2011-4640Oct 8, 2012risk 0.04cvss —epss 0.07
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action.
- CVE-2011-5150Aug 31, 2012risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than…
- CVE-2011-5149Aug 31, 2012risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to…
- CVE-2014-2965Jul 3, 2014risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter.
- CVE-2011-4639Oct 8, 2012risk 0.00cvss —epss 0.01
The (1) Traceroute and (2) Ping implementations in tools.php in SpamTitan WebTitan before 3.60 allow remote authenticated users to execute arbitrary commands via shell metacharacters in an argument, as demonstrated by an && (ampersand ampersand) sequence.
- CVE-2011-4638Oct 8, 2012risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3)…