Vulnerabilities > Gplhost

DATE CVE VULNERABILITY TITLE RISK
2014-03-21 CVE-2011-5276 SQL Injection vulnerability in Gplhost Domain Technologie Control
SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter.
network
low complexity
gplhost CWE-89
6.5
2014-03-21 CVE-2011-5275 Permissions, Privileges, and Access Controls vulnerability in Gplhost Domain Technologie Control
The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.
network
low complexity
gplhost CWE-264
7.5
2014-03-21 CVE-2011-5274 Arbitrary Command Execution vulnerability in Domain Technologie Control
The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.
network
low complexity
gplhost
7.5
2014-03-21 CVE-2011-5273 Path Traversal vulnerability in Gplhost Domain Technologie Control
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a ..
network
low complexity
gplhost CWE-22
6.5
2014-03-21 CVE-2011-5272 SQL Injection vulnerability in Gplhost Domain Technologie Control
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php.
network
low complexity
gplhost CWE-89
6.5
2014-03-21 CVE-2011-3199 Cross-Site Scripting vulnerability in Gplhost Domain Technologie Control
Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the "Domain root TXT record:" field.
network
gplhost CWE-79
3.5
2014-03-21 CVE-2011-3198 Credentials Management vulnerability in Gplhost Domain Technologie Control
Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments.
local
low complexity
gplhost CWE-255
2.1
2014-03-21 CVE-2011-3197 SQL Injection vulnerability in Gplhost Domain Technologie Control
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php.
network
low complexity
gplhost CWE-89
6.5
2014-03-21 CVE-2011-3196 Permissions, Privileges, and Access Controls vulnerability in Gplhost Domain Technologie Control
The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file.
local
low complexity
gplhost CWE-264
2.1
2014-03-21 CVE-2011-3195 Improper Input Validation vulnerability in Gplhost Domain Technologie Control
shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.
network
low complexity
gplhost CWE-20
6.5