Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2011-0434 | 7.5 |
Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.
|
17-08-2017 - 01:33 | 07-03-2011 - 21:00 | |
CVE-2011-0437 | 4.0 |
shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.
|
17-08-2017 - 01:33 | 07-03-2011 - 21:00 | |
CVE-2011-0435 | 5.0 |
Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.
|
17-08-2017 - 01:33 | 07-03-2011 - 21:00 | |
CVE-2011-0436 | 5.0 |
The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the
|
17-08-2017 - 01:33 | 07-03-2011 - 21:00 |