Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
titanhq webtitan vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2019-19015
An issue exists in TitanHQ WebTitan prior to 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker i...
Titanhq Webtitan
828
VMScore
CVE-2019-19017
An issue exists in TitanHQ WebTitan prior to 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system.
Titanhq Webtitan
801
VMScore
CVE-2019-19020
An issue exists in TitanHQ WebTitan prior to 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an malicious user to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires t...
Titanhq Webtitan
756
VMScore
CVE-2019-19019
An issue exists in TitanHQ WebTitan prior to 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. Th...
Titanhq Webtitan
668
VMScore
CVE-2019-19021
An issue exists in TitanHQ WebTitan prior to 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.
Titanhq Webtitan
641
VMScore
CVE-2019-19014
An issue exists in TitanHQ WebTitan prior to 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access.
Titanhq Webtitan
445
VMScore
CVE-2019-19016
An issue exists in TitanHQ WebTitan prior to 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an malicious user to extract sensitive information from the appliance da...
Titanhq Webtitan
445
VMScore
CVE-2017-18227
TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature.
Titanhq Webtitan Gateway -
356
VMScore
CVE-2019-19018
An issue exists in TitanHQ WebTitan prior to 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using.
Titanhq Webtitan
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started