MidnightBSD

Advisories for gplhost

CVE-2009-0402 HIGH

SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
CVE-2011-0434 HIGH

Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-0435 MEDIUM

Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-0436 MEDIUM

The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-0437 MEDIUM

shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-3195 MEDIUM

shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-3196 LOW

The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-3197 MEDIUM

SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-3198 LOW

Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-3199 LOW

Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the "Domain root TXT record:" field.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-5272 MEDIUM

SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-5273 MEDIUM

Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-5274 HIGH

The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-5275 HIGH

The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.32.7
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3
CVE-2011-5276 MEDIUM

SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
gplhost domain_technologie_control 0.29.16
gplhost domain_technologie_control 0.26.9
gplhost domain_technologie_control 0.32.3
gplhost domain_technologie_control 0.29.6
gplhost domain_technologie_control 0.32.1
gplhost domain_technologie_control 0.29.10
gplhost domain_technologie_control 0.29.14
gplhost domain_technologie_control 0.28.3
gplhost domain_technologie_control 0.28.4
gplhost domain_technologie_control 0.30.6
gplhost domain_technologie_control 0.32.5
gplhost domain_technologie_control 0.24.6
gplhost domain_technologie_control 0.25.2
gplhost domain_technologie_control 0.29.1
gplhost domain_technologie_control 0.28.2
gplhost domain_technologie_control 0.26.8
gplhost domain_technologie_control 0.29.8
gplhost domain_technologie_control 0.30.18
gplhost domain_technologie_control 0.29.15
gplhost domain_technologie_control 0.30.8
gplhost domain_technologie_control 0.32.4
gplhost domain_technologie_control 0.32.2
gplhost domain_technologie_control 0.32.6
gplhost domain_technologie_control 0.27.3
gplhost domain_technologie_control 0.26.7
gplhost domain_technologie_control 0.25.1
gplhost domain_technologie_control 0.28.9
gplhost domain_technologie_control 0.30.10
gplhost domain_technologie_control 0.28.10
gplhost domain_technologie_control 0.28.6
gplhost domain_technologie_control 0.30.20
gplhost domain_technologie_control *
gplhost domain_technologie_control 0.29.17
gplhost domain_technologie_control 0.25.3