Vulnerabilites related to titanhq - spamtitan
CVE-2020-11698 (GCVE-0-2020-11698)
Vulnerability from cvelistv5
Published
2020-09-17 16:28
Modified
2024-08-04 11:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spamtitan.com/ | x_refsource_MISC | |
| https://github.com/felmoltor | x_refsource_MISC | |
| https://twitter.com/felmoltor | x_refsource_MISC | |
| https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | x_refsource_MISC | |
| http://packetstormsecurity.com/files/159470/SpamTitan-7.07-Remote-Code-Execution.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/160809/SpamTitan-7.07-Command-Injection.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.spamtitan.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159470/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160809/SpamTitan-7.07-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-05T18:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.spamtitan.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159470/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160809/SpamTitan-7.07-Command-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.spamtitan.com/",
"refsource": "MISC",
"url": "https://www.spamtitan.com/"
},
{
"name": "https://github.com/felmoltor",
"refsource": "MISC",
"url": "https://github.com/felmoltor"
},
{
"name": "https://twitter.com/felmoltor",
"refsource": "MISC",
"url": "https://twitter.com/felmoltor"
},
{
"name": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/",
"refsource": "MISC",
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"name": "http://packetstormsecurity.com/files/159470/SpamTitan-7.07-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159470/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/160809/SpamTitan-7.07-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160809/SpamTitan-7.07-Command-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11698",
"datePublished": "2020-09-17T16:28:20",
"dateReserved": "2020-04-10T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11803 (GCVE-0-2020-11803)
Vulnerability from cvelistv5
Published
2020-09-17 16:24
Modified
2024-08-04 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spamtitan.com/ | x_refsource_MISC | |
| https://github.com/felmoltor | x_refsource_MISC | |
| https://twitter.com/felmoltor | x_refsource_MISC | |
| https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | x_refsource_MISC | |
| http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:41:59.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.spamtitan.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T18:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.spamtitan.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.spamtitan.com/",
"refsource": "MISC",
"url": "https://www.spamtitan.com/"
},
{
"name": "https://github.com/felmoltor",
"refsource": "MISC",
"url": "https://github.com/felmoltor"
},
{
"name": "https://twitter.com/felmoltor",
"refsource": "MISC",
"url": "https://twitter.com/felmoltor"
},
{
"name": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/",
"refsource": "MISC",
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"name": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11803",
"datePublished": "2020-09-17T16:24:01",
"dateReserved": "2020-04-15T00:00:00",
"dateUpdated": "2024-08-04T11:41:59.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24046 (GCVE-0-2020-24046)
Vulnerability from cvelistv5
Published
2020-09-17 16:39
Modified
2024-08-04 15:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/felmoltor | x_refsource_MISC | |
| https://twitter.com/felmoltor | x_refsource_MISC | |
| https://www.titanhq.com | x_refsource_MISC | |
| https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.titanhq.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-17T16:39:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.titanhq.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/felmoltor",
"refsource": "MISC",
"url": "https://github.com/felmoltor"
},
{
"name": "https://twitter.com/felmoltor",
"refsource": "MISC",
"url": "https://twitter.com/felmoltor"
},
{
"name": "https://www.titanhq.com",
"refsource": "MISC",
"url": "https://www.titanhq.com"
},
{
"name": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/",
"refsource": "MISC",
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24046",
"datePublished": "2020-09-17T16:39:31",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T15:05:11.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24045 (GCVE-0-2020-24045)
Vulnerability from cvelistv5
Published
2020-09-17 16:37
Modified
2024-08-04 15:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/felmoltor | x_refsource_MISC | |
| https://twitter.com/felmoltor | x_refsource_MISC | |
| https://www.titanhq.com/ | x_refsource_MISC | |
| https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.titanhq.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-17T16:37:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.titanhq.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/felmoltor",
"refsource": "MISC",
"url": "https://github.com/felmoltor"
},
{
"name": "https://twitter.com/felmoltor",
"refsource": "MISC",
"url": "https://twitter.com/felmoltor"
},
{
"name": "https://www.titanhq.com/",
"refsource": "MISC",
"url": "https://www.titanhq.com/"
},
{
"name": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/",
"refsource": "MISC",
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24045",
"datePublished": "2020-09-17T16:37:18",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T15:05:11.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6800 (GCVE-0-2019-6800)
Vulnerability from cvelistv5
Published
2019-06-05 18:05
Modified
2024-08-04 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spamtitan.com/category/spamtitan-news/ | x_refsource_CONFIRM | |
| https://write-up.github.io/CVE-2019-6800/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.spamtitan.com/category/spamtitan-news/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://write-up.github.io/CVE-2019-6800/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-05T18:05:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.spamtitan.com/category/spamtitan-news/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://write-up.github.io/CVE-2019-6800/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.spamtitan.com/category/spamtitan-news/",
"refsource": "CONFIRM",
"url": "https://www.spamtitan.com/category/spamtitan-news/"
},
{
"name": "https://write-up.github.io/CVE-2019-6800/",
"refsource": "MISC",
"url": "https://write-up.github.io/CVE-2019-6800/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6800",
"datePublished": "2019-06-05T18:05:02",
"dateReserved": "2019-01-24T00:00:00",
"dateUpdated": "2024-08-04T20:31:04.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11699 (GCVE-0-2020-11699)
Vulnerability from cvelistv5
Published
2020-09-17 16:31
Modified
2024-08-04 11:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spamtitan.com/ | x_refsource_MISC | |
| https://github.com/felmoltor | x_refsource_MISC | |
| https://twitter.com/felmoltor | x_refsource_MISC | |
| https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | x_refsource_MISC | |
| http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.spamtitan.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T18:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.spamtitan.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.spamtitan.com/",
"refsource": "MISC",
"url": "https://www.spamtitan.com/"
},
{
"name": "https://github.com/felmoltor",
"refsource": "MISC",
"url": "https://github.com/felmoltor"
},
{
"name": "https://twitter.com/felmoltor",
"refsource": "MISC",
"url": "https://twitter.com/felmoltor"
},
{
"name": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/",
"refsource": "MISC",
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"name": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11699",
"datePublished": "2020-09-17T16:31:05",
"dateReserved": "2020-04-10T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11804 (GCVE-0-2020-11804)
Vulnerability from cvelistv5
Published
2020-09-17 16:26
Modified
2024-08-04 11:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/felmoltor | x_refsource_MISC | |
| https://twitter.com/felmoltor | x_refsource_MISC | |
| https://www.spamtitan.com | x_refsource_MISC | |
| https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | x_refsource_MISC | |
| http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.spamtitan.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T18:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.spamtitan.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/felmoltor",
"refsource": "MISC",
"url": "https://github.com/felmoltor"
},
{
"name": "https://twitter.com/felmoltor",
"refsource": "MISC",
"url": "https://twitter.com/felmoltor"
},
{
"name": "https://www.spamtitan.com",
"refsource": "MISC",
"url": "https://www.spamtitan.com"
},
{
"name": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/",
"refsource": "MISC",
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"name": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11804",
"datePublished": "2020-09-17T16:26:45",
"dateReserved": "2020-04-15T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11700 (GCVE-0-2020-11700)
Vulnerability from cvelistv5
Published
2020-09-17 16:34
Modified
2024-08-04 11:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spamtitan.com/ | x_refsource_MISC | |
| https://github.com/felmoltor | x_refsource_MISC | |
| https://twitter.com/felmoltor | x_refsource_MISC | |
| https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | x_refsource_MISC | |
| http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.spamtitan.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T18:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.spamtitan.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/felmoltor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.spamtitan.com/",
"refsource": "MISC",
"url": "https://www.spamtitan.com/"
},
{
"name": "https://github.com/felmoltor",
"refsource": "MISC",
"url": "https://github.com/felmoltor"
},
{
"name": "https://twitter.com/felmoltor",
"refsource": "MISC",
"url": "https://twitter.com/felmoltor"
},
{
"name": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/",
"refsource": "MISC",
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"name": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11700",
"datePublished": "2020-09-17T16:34:18",
"dateReserved": "2020-04-10T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15136 (GCVE-0-2018-15136)
Vulnerability from cvelistv5
Published
2019-01-29 23:00
Modified
2024-08-05 09:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.fwhibbit.es/bypassing-spam-titan-my-first-cve | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:25.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fwhibbit.es/bypassing-spam-titan-my-first-cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-29T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fwhibbit.es/bypassing-spam-titan-my-first-cve"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fwhibbit.es/bypassing-spam-titan-my-first-cve",
"refsource": "MISC",
"url": "https://www.fwhibbit.es/bypassing-spam-titan-my-first-cve"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15136",
"datePublished": "2019-01-29T23:00:00",
"dateReserved": "2018-08-07T00:00:00",
"dateUpdated": "2024-08-05T09:46:25.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35658 (GCVE-0-2020-35658)
Vulnerability from cvelistv5
Published
2020-12-23 02:10
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.titanhq.com/en/13161-spamtitan-release-notes.html | x_refsource_MISC | |
| https://secator.pl/index.php/2020/12/23/cve-2020-35658/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.titanhq.com/en/13161-spamtitan-release-notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secator.pl/index.php/2020/12/23/cve-2020-35658/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T14:47:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.titanhq.com/en/13161-spamtitan-release-notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secator.pl/index.php/2020/12/23/cve-2020-35658/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.titanhq.com/en/13161-spamtitan-release-notes.html",
"refsource": "MISC",
"url": "https://docs.titanhq.com/en/13161-spamtitan-release-notes.html"
},
{
"name": "https://secator.pl/index.php/2020/12/23/cve-2020-35658/",
"refsource": "MISC",
"url": "https://secator.pl/index.php/2020/12/23/cve-2020-35658/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35658",
"datePublished": "2020-12-23T02:10:33",
"dateReserved": "2020-12-23T00:00:00",
"dateUpdated": "2024-08-04T17:09:14.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-09-17 17:15
Modified
2024-11-21 04:58
Severity ?
Summary
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://www.spamtitan.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spamtitan.com | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:titanhq:spamtitan:7.07:*:*:*:*:*:*:*",
"matchCriteriaId": "237E0708-6807-472F-A18C-E72871D7C74D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Titan SpamTitan versi\u00f3n 7.07.\u0026#xa0;Debido a un saneamiento inapropiado del par\u00e1metro quid, utilizado en la p\u00e1gina mailqueue.php, una inyecci\u00f3n de c\u00f3digo puede ocurrir.\u0026#xa0;La entrada para este par\u00e1metro es proporcionada directamente por un usuario autenticado por medio de una petici\u00f3n GET HTTP"
}
],
"id": "CVE-2020-11804",
"lastModified": "2024-11-21T04:58:39.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-17T17:15:15.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-17 17:15
Modified
2024-11-21 05:14
Severity ?
Summary
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://www.titanhq.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.titanhq.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:titanhq:spamtitan:7.07:*:*:*:*:*:*:*",
"matchCriteriaId": "237E0708-6807-472F-A18C-E72871D7C74D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de escape del sandbox en TitanHQ SpamTitan Gateway versi\u00f3n 7.07.\u0026#xa0;Limita al usuario administrador a un shell restringido, permitiendo una ejecuci\u00f3n de un peque\u00f1o n\u00famero de herramientas del sistema operativo.\u0026#xa0;El shell restringido puede ser omitido al presentar una imagen ISO vmware-tools falsa en la m\u00e1quina virtual invitada que ejecuta SpamTitan Gateway.\u0026#xa0;Esta imagen ISO debe contener un script Perl v\u00e1lido en la ruta vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl.\u0026#xa0;La imagen ISO falsa se montar\u00e1 y el script wmware-install.pl ser\u00e1 ejecutado con privilegios de superusuario tan pronto como se seleccione la opci\u00f3n oculta para instalar VMware Tools en el men\u00fa principal del shell restringido (opci\u00f3n n\u00famero 5).\u0026#xa0;El contenido del script puede ser lo que quiera el atacante, incluyendo una puerta trasera o similar"
}
],
"id": "CVE-2020-24045",
"lastModified": "2024-11-21T05:14:21.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-17T17:15:15.677",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.titanhq.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.titanhq.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-17 17:15
Modified
2024-11-21 04:58
Severity ?
Summary
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://www.spamtitan.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spamtitan.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:titanhq:spamtitan:7.07:*:*:*:*:*:*:*",
"matchCriteriaId": "237E0708-6807-472F-A18C-E72871D7C74D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Titan SpamTitan versi\u00f3n 7.07.\u0026#xa0;Un saneamiento inapropiado del par\u00e1metro fname, utilizado en la p\u00e1gina certs-x.php, permitir\u00eda a un atacante recuperar el contenido de archivos arbitrarios.\u0026#xa0;El usuario debe estar autenticado antes de interactuar con esta p\u00e1gina"
}
],
"id": "CVE-2020-11700",
"lastModified": "2024-11-21T04:58:25.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-17T17:15:15.083",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-17 17:15
Modified
2024-11-21 04:58
Severity ?
Summary
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:titanhq:spamtitan:7.07:*:*:*:*:*:*:*",
"matchCriteriaId": "237E0708-6807-472F-A18C-E72871D7C74D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Titan SpamTitan versi\u00f3n 7.07.\u0026#xa0;Un saneamiento de entrada inapropiada del par\u00e1metro community en la p\u00e1gina snmp-x.php permitir\u00eda a un atacante remoto inyectar comandos en el archivo snmpd.conf que permitir\u00eda ejecutar comandos en el servidor de destino"
}
],
"id": "CVE-2020-11698",
"lastModified": "2024-11-21T04:58:25.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-17T17:15:14.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159470/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160809/SpamTitan-7.07-Command-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/159470/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160809/SpamTitan-7.07-Command-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-17 17:15
Modified
2024-11-21 04:58
Severity ?
Summary
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://www.spamtitan.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spamtitan.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:titanhq:spamtitan:7.07:*:*:*:*:*:*:*",
"matchCriteriaId": "237E0708-6807-472F-A18C-E72871D7C74D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Titan SpamTitan versi\u00f3n 7.07.\u0026#xa0;Una comprobaci\u00f3n inapropiada del par\u00e1metro fname en la p\u00e1gina certs-x.php permitir\u00eda a un atacante ejecutar c\u00f3digo remoto en el servidor de destino.\u0026#xa0;El usuario debe estar autenticado antes de interactuar con esta p\u00e1gina"
}
],
"id": "CVE-2020-11699",
"lastModified": "2024-11-21T04:58:25.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-17T17:15:14.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-17 17:15
Modified
2024-11-21 05:14
Severity ?
Summary
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://www.titanhq.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.titanhq.com | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:titanhq:spamtitan:7.07:*:*:*:*:*:*:*",
"matchCriteriaId": "237E0708-6807-472F-A18C-E72871D7C74D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating system file /etc/passwd. This file cannot be accessed though the restricted shell, but it can be modified by abusing the Backup/Import Backup functionality of the web interface. An authenticated attacker would be able to obtain the file /var/tmp/admin.passwd after executing a Backup operation. This file can be manually modified to change the GUID of the user to 0 (root) and change the restricted shell to a normal shell /bin/sh. After the modification is done, the file can be recompressed to a .tar.bz file and imported again via the Import Backup functionality. The properties of the admin user will be overwritten and a root shell will be granted to the user upon the next successful login."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de escape del sandbox en TitanHQ SpamTitan Gateway versi\u00f3n 7.07.\u0026#xa0;Limita al usuario administrador a un shell restringido, permitiendo una ejecuci\u00f3n de un peque\u00f1o n\u00famero de herramientas del sistema operativo.\u0026#xa0;Este shell restringido puede ser omitido despu\u00e9s de cambiar las propiedades del administrador del usuario en el archivo del sistema operativo /etc/passwd.\u0026#xa0;Este archivo no puede ser accedido por medio del shell restringido, pero puede ser modificado al abusar de la funcionalidad Backup/Import Backup de la interfaz web.\u0026#xa0;Un atacante autenticado podr\u00eda ser capaz de obtener el archivo /var/tmp/admin.passwd despu\u00e9s de ejecutar una operaci\u00f3n Backup.\u0026#xa0;Este archivo puede ser manualmente modificado para cambiar el GUID del usuario a 0 (root) y cambiar el shell restringido a un shell /bin/sh normal.\u0026#xa0;Despu\u00e9s de realizada la modificaci\u00f3n, el archivo puede ser comprimir nuevamente a .tar.\u0026#xa0;bz e importado de nuevo mediante la funcionalidad Import Backup.\u0026#xa0;Las propiedades del usuario administrador se sobrescribir\u00e1n y se le otorgar\u00e1 un shell ra\u00edz al usuario en el pr\u00f3ximo inicio de sesi\u00f3n exitoso"
}
],
"id": "CVE-2020-24046",
"lastModified": "2024-11-21T05:14:21.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-17T17:15:16.100",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.titanhq.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.titanhq.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-17 17:15
Modified
2024-11-21 04:58
Severity ?
Summary
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/felmoltor | Third Party Advisory | |
| cve@mitre.org | https://www.spamtitan.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sensepost.com/blog/2020/clash-of-the-spamtitan/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/felmoltor | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spamtitan.com/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:titanhq:spamtitan:7.07:*:*:*:*:*:*:*",
"matchCriteriaId": "237E0708-6807-472F-A18C-E72871D7C74D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Titan SpamTitan versi\u00f3n 7.07.\u0026#xa0;Un saneamiento inapropiado del par\u00e1metro jaction cuando interact\u00faa con la p\u00e1gina mailqueue.php, podr\u00eda conllevar a una evaluaci\u00f3n del c\u00f3digo PHP del lado del servidor, porque la entrada proporcionada por el usuario es pasada directamente a la funci\u00f3n php eval().\u0026#xa0;El usuario debe estar autenticado en la plataforma web antes de interactuar con la p\u00e1gina"
}
],
"id": "CVE-2020-11803",
"lastModified": "2024-11-21T04:58:39.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-17T17:15:15.193",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/159218/SpamTitan-7.07-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sensepost.com/blog/2020/clash-of-the-spamtitan/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/felmoltor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-23 03:15
Modified
2024-11-21 05:27
Severity ?
Summary
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://docs.titanhq.com/en/13161-spamtitan-release-notes.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://secator.pl/index.php/2020/12/23/cve-2020-35658/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.titanhq.com/en/13161-spamtitan-release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://secator.pl/index.php/2020/12/23/cve-2020-35658/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:titanhq:spamtitan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BB4560-4DF1-4D37-A091-049ECE412F41",
"versionEndExcluding": "7.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted."
},
{
"lang": "es",
"value": "SpamTitan anterior a la versi\u00f3n 7.09 permite a los atacantes manipular las copias de seguridad, porque las copias de seguridad no est\u00e1n encriptadas."
}
],
"id": "CVE-2020-35658",
"lastModified": "2024-11-21T05:27:46.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-23T03:15:13.693",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.titanhq.com/en/13161-spamtitan-release-notes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secator.pl/index.php/2020/12/23/cve-2020-35658/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.titanhq.com/en/13161-spamtitan-release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secator.pl/index.php/2020/12/23/cve-2020-35658/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
},
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-05 19:29
Modified
2024-11-21 04:47
Severity ?
Summary
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://write-up.github.io/CVE-2019-6800/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.spamtitan.com/category/spamtitan-news/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://write-up.github.io/CVE-2019-6800/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.spamtitan.com/category/spamtitan-news/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:titanhq:spamtitan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67402898-5AE1-4AC1-875E-A9194F3FB147",
"versionEndIncluding": "7.03",
"versionStartIncluding": "7.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands."
},
{
"lang": "es",
"value": "En TitanHQ SpamTitan hasta 7.03, existe una vulnerabilidad en la funci\u00f3n de actualizaci\u00f3n de la regla de spam. Las actualizaciones se descargan a trav\u00e9s de HTTP, incluidos los scripts que posteriormente se ejecutan con permisos de root. Un atacante con una posici\u00f3n de red privilegiada puede, de manera trivial, inyectar comandos arbitrarios."
}
],
"id": "CVE-2019-6800",
"lastModified": "2024-11-21T04:47:11.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-05T19:29:00.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://write-up.github.io/CVE-2019-6800/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com/category/spamtitan-news/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://write-up.github.io/CVE-2019-6800/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.spamtitan.com/category/spamtitan-news/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-30 15:29
Modified
2024-11-21 03:50
Severity ?
Summary
TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.fwhibbit.es/bypassing-spam-titan-my-first-cve | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fwhibbit.es/bypassing-spam-titan-my-first-cve | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:titanhq:spamtitan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36F96143-8D50-4144-9374-D7BE53777F25",
"versionEndExcluding": "7.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application."
},
{
"lang": "es",
"value": "TitanHQ SpamTitan, en versiones anteriores a la 7.01, tiene una validaci\u00f3n de entradas incorrecta. Esto permite a los atacantes internos omitir el filtro antispam para enviar correos maliciosos a todo el personal de una determinada organizaci\u00f3n modificando las peticiones URL enviadas a la aplicaci\u00f3n."
}
],
"id": "CVE-2018-15136",
"lastModified": "2024-11-21T03:50:22.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-30T15:29:03.833",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.fwhibbit.es/bypassing-spam-titan-my-first-cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.fwhibbit.es/bypassing-spam-titan-my-first-cve"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}