Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
titanhq webtitan vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-19015
An issue exists in TitanHQ WebTitan prior to 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker i...
Titanhq Webtitan
9.3
CVSSv2
CVE-2019-19017
An issue exists in TitanHQ WebTitan prior to 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.
Titanhq Webtitan
9
CVSSv2
CVE-2019-19020
An issue exists in TitanHQ WebTitan prior to 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an malicious user to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires t...
Titanhq Webtitan
8.5
CVSSv2
CVE-2019-19019
An issue exists in TitanHQ WebTitan prior to 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. Th...
Titanhq Webtitan
7.5
CVSSv2
CVE-2019-19021
An issue exists in TitanHQ WebTitan prior to 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.
Titanhq Webtitan
7.2
CVSSv2
CVE-2019-19014
An issue exists in TitanHQ WebTitan prior to 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.
Titanhq Webtitan
5
CVSSv2
CVE-2019-19016
An issue exists in TitanHQ WebTitan prior to 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an malicious user to extract sensitive information from the appliance da...
Titanhq Webtitan
5
CVSSv2
CVE-2017-18227
TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature.
Titanhq Webtitan Gateway -
4
CVSSv2
CVE-2019-19018
An issue exists in TitanHQ WebTitan prior to 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.
Titanhq Webtitan
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started