61 matches found
WebTitan < 3.60 - Local File Inclusion
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action. id: CVE-2011-4640 info: name: WebTitan 3.60 - Local File Inclusion author: ctflearner severity:...
EUVD-2019-16356
Malware in sbrugna...
EUVD-2011-5049
Malware in sbrugna...
EUVD-2014-2987
Malware in sbrugna...
EUVD-2024-54897
Malicious code in bioql PyPI...
PT-2025-34239
Name of the Vulnerable Software and Affected Versions: SpamTitan Email Security Gateway versions 8.00.0 through 8.00.100 SpamTitan Email Security Gateway versions 8.01.0 through 8.01.13 Description: The quarantine.php file within the SpamTitan interface allows unauthenticated users to trigger...
CVE-2011-5150
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance ...
Spamscanner - Spam Scanner Is The Best Anti-Spam, Email Filtering, And Phishing Prevention Service
Spam Scanner is the best anti-spam, email filtering, and phishing prevention service. Spam Scanner is a drop-in replacement and the best alternative to SpamAssassin, rspamd, SpamTitan, and more. Foreword Spam Scanner is a tool and service built by @niftylettuce after hitting countless roadblocks...
Metasploit Wrap-Up
Struts2 Multi Eval OGNL RCE: Our very own zeroSteiner added exploit/multi/http/struts2_multi_eval_ognl, which exploits Struts2 evaluating OGNL expressions in HTML attributes multiple times (CVE-2019-0230 and CVE-2020-17530). The CVE-2019-0230 OGNL chain for remote code execution requires a one-time cha...
SpamTitan 7.07 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SpamTitan Unauthenticated RCE', 'Description' = %q TitanHQ SpamTitan Gateway is an anti-spam appliance that protects against unwanted emails and...
CVE-2020-35658
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted...
Design/Logic Flaw
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted...
CVE-2020-35658
CVE-2020-35658 affects SpamTitan before version 7.09. The vulnerability arises because backups are not encrypted, enabling attackers to tamper with backups and potentially impact data integrity. The NVD entry lists CVSS v2 base score 5.0 (MEDIUM) with network access, low attack complexity, and pa...
SpamTitan 7.07 - Unauthenticated Remote Code Execution
Exploit Title: SpamTitan 7.07 - Unauthenticated Remote Code Execution Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...
SpamTitan 7.07 Remote Code Execution
Exploit Title: SpamTitan 7.07 - Unauthenticated Remote Code Execution Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...
SpamTitan 7.07 - Remote Code Execution (Authenticated)
Exploit Title: SpamTitan 7.07 - Remote Code Execution (Authenticated) Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...
SpamTitan 7.07 Remote Code Execution
Exploit Title: SpamTitan 7.07 - Remote Code Execution (Authenticated) Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...
CVE-2020-11804
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request...
CVE-2020-11700
Titan SpamTitan 7.07 contains an arbitrary file-read vulnerability in certs-x.php caused by improper sanitization of the fname parameter. An authenticated attacker can retrieve contents of arbitrary files. Connected sources (Red Hat, CNVD, CVE records) corroborate the issue and page/certs-x.php c...