VYPR
Vendor

Gplhost

Products
3
CVEs
17
Across products
30
Status
Private

Products

3

Recent CVEs

17
  • CVE-2011-5276Mar 21, 2014
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter.

  • CVE-2011-5275Mar 21, 2014
    risk 0.00cvss epss 0.01

    The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.

  • CVE-2011-5274Mar 21, 2014
    risk 0.00cvss epss 0.02

    The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.

  • CVE-2011-5273Mar 21, 2014
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/.

  • CVE-2011-5272Mar 21, 2014
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT…

  • CVE-2011-3199Mar 21, 2014
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as…

  • CVE-2011-3198Mar 21, 2014
    risk 0.00cvss epss 0.00

    Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments.

  • CVE-2011-3197Mar 21, 2014
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different…

  • CVE-2011-3196Mar 21, 2014
    risk 0.00cvss epss 0.00

    The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file.

  • CVE-2011-3195Mar 21, 2014
    risk 0.00cvss epss 0.02

    shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.

  • CVE-2011-0437Mar 7, 2011
    risk 0.00cvss epss 0.02

    shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.

  • CVE-2011-0436Mar 7, 2011
    risk 0.00cvss epss 0.02

    The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2011-0435Mar 7, 2011
    risk 0.00cvss epss 0.02

    Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.

  • CVE-2011-0434Mar 7, 2011
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.

  • CVE-2009-0402Feb 3, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1,…

  • CVE-2008-4951Nov 5, 2008
    risk 0.00cvss epss 0.00

    dtc 0.29.6 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/awstats.log, (b) /tmp/spam.log.#####, and (c) /tmp/spam_err.log temporary files, related to the (1) accesslog.php and (2) sa-wrapper scripts.

  • CVE-2007-3211Jun 14, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown; the details are obtained…