| Max CVSS | 6.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2011-3196 | 2.1 |
The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file.
|
27-03-2014 - 22:02 | 21-03-2014 - 04:38 | |
| CVE-2011-3199 | 3.5 |
Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (
|
27-03-2014 - 22:00 | 21-03-2014 - 04:38 | |
| CVE-2011-3197 | 6.5 |
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due
|
27-03-2014 - 21:59 | 21-03-2014 - 04:38 | |
| CVE-2011-5272 | 6.5 |
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011
|
24-03-2014 - 23:05 | 21-03-2014 - 04:38 | |
| CVE-2011-3198 | 2.1 |
Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments.
|
21-03-2014 - 14:44 | 21-03-2014 - 04:38 | |
| CVE-2011-3195 | 6.5 |
shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.
|
21-03-2014 - 14:37 | 21-03-2014 - 04:38 |