Gplhost : Security Vulnerabilities, CVEs, CVSS score >= 7

CVE-2011-5275

The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.
Max CVSS
7.5
EPSS Score
0.16%
Published
2014-03-21
Updated
2014-03-21

CVE-2011-5274

The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.
Max CVSS
7.5
EPSS Score
0.20%
Published
2014-03-21
Updated
2014-03-24

CVE-2011-0434

Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.
Max CVSS
7.5
EPSS Score
0.45%
Published
2011-03-07
Updated
2017-08-17

CVE-2009-0402

SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
Max CVSS
7.5
EPSS Score
0.78%
Published
2009-02-03
Updated
2017-08-08
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close