SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments.
CVSS 2.0
Severity: LOW
Problem Type: CWE-255
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the "Domain root TXT record:" field.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.32.7 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |
SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gplhost | domain_technologie_control | 0.29.16 |
| gplhost | domain_technologie_control | 0.26.9 |
| gplhost | domain_technologie_control | 0.32.3 |
| gplhost | domain_technologie_control | 0.29.6 |
| gplhost | domain_technologie_control | 0.32.1 |
| gplhost | domain_technologie_control | 0.29.10 |
| gplhost | domain_technologie_control | 0.29.14 |
| gplhost | domain_technologie_control | 0.28.3 |
| gplhost | domain_technologie_control | 0.28.4 |
| gplhost | domain_technologie_control | 0.30.6 |
| gplhost | domain_technologie_control | 0.32.5 |
| gplhost | domain_technologie_control | 0.24.6 |
| gplhost | domain_technologie_control | 0.25.2 |
| gplhost | domain_technologie_control | 0.29.1 |
| gplhost | domain_technologie_control | 0.28.2 |
| gplhost | domain_technologie_control | 0.26.8 |
| gplhost | domain_technologie_control | 0.29.8 |
| gplhost | domain_technologie_control | 0.30.18 |
| gplhost | domain_technologie_control | 0.29.15 |
| gplhost | domain_technologie_control | 0.30.8 |
| gplhost | domain_technologie_control | 0.32.4 |
| gplhost | domain_technologie_control | 0.32.2 |
| gplhost | domain_technologie_control | 0.32.6 |
| gplhost | domain_technologie_control | 0.27.3 |
| gplhost | domain_technologie_control | 0.26.7 |
| gplhost | domain_technologie_control | 0.25.1 |
| gplhost | domain_technologie_control | 0.28.9 |
| gplhost | domain_technologie_control | 0.30.10 |
| gplhost | domain_technologie_control | 0.28.10 |
| gplhost | domain_technologie_control | 0.28.6 |
| gplhost | domain_technologie_control | 0.30.20 |
| gplhost | domain_technologie_control | * |
| gplhost | domain_technologie_control | 0.29.17 |
| gplhost | domain_technologie_control | 0.25.3 |