Vulnerabilities > Gplhost
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-03-21 | CVE-2011-5276 | SQL Injection vulnerability in Gplhost Domain Technologie Control | SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter. | 6.5 |
2014-03-21 | CVE-2011-5275 | Permissions, Privileges, and Access Controls vulnerability in Gplhost Domain Technologie Control | The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges. | 7.5 |
2014-03-21 | CVE-2011-5274 | Arbitrary Command Execution vulnerability in Domain Technologie Control | The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/. | 7.5 |
2014-03-21 | CVE-2011-5273 | Path Traversal vulnerability in Gplhost Domain Technologie Control | Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. | 6.5 |
2014-03-21 | CVE-2011-5272 | SQL Injection vulnerability in Gplhost Domain Technologie Control | SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. | 6.5 |
2014-03-21 | CVE-2011-3199 | Cross-Site Scripting vulnerability in Gplhost Domain Technologie Control | Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the "Domain root TXT record:" field. | 3.5 |
2014-03-21 | CVE-2011-3198 | Credentials Management vulnerability in Gplhost Domain Technologie Control | Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments. | 2.1 |
2014-03-21 | CVE-2011-3197 | SQL Injection vulnerability in Gplhost Domain Technologie Control | SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. | 6.5 |
2014-03-21 | CVE-2011-3196 | Permissions, Privileges, and Access Controls vulnerability in Gplhost Domain Technologie Control | The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file. | 2.1 |
2014-03-21 | CVE-2011-3195 | Improper Input Validation vulnerability in Gplhost Domain Technologie Control | shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options. | 6.5 |