In TitanHQ SpamTitan up to and including 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
titanhq spamtitan |