Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    32 vulnerabilities by gplhost

    CVE-2011-5276 (GCVE-0-2011-5276)

    Vulnerability from nvd – Published: 2014-03-20 19:00 – Updated: 2024-09-16 20:53
    VLAI
    Summary
    SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:47.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925bb866ed972a5f07c2de64"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec9970db76b82295e9003ca34cecab8d629da4f%3Bhb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925bb866ed972a5f07c2de64"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec9970db76b82295e9003ca34cecab8d629da4f%3Bhb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5276",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5276",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2014-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:53:26.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5275 (GCVE-0-2011-5275)

    Vulnerability from nvd – Published: 2014-03-20 19:00 – Updated: 2024-09-16 23:11
    VLAI
    Summary
    The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5275",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5275",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2014-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:11:36.243Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5274 (GCVE-0-2011-5274)

    Vulnerability from nvd – Published: 2014-03-20 19:00 – Updated: 2024-09-16 16:47
    VLAI
    Summary
    The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925bb866ed972a5f07c2de64"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec9970db76b82295e9003ca34cecab8d629da4f%3Bhb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925bb866ed972a5f07c2de64"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec9970db76b82295e9003ca34cecab8d629da4f%3Bhb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5274",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5274",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2014-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:47:43.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5273 (GCVE-0-2011-5273)

    Vulnerability from nvd – Published: 2014-03-20 19:00 – Updated: 2024-09-16 16:13
    VLAI
    Summary
    Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5273",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5273",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2014-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:13:59.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5272 (GCVE-0-2011-5272)

    Vulnerability from nvd – Published: 2014-03-20 19:00 – Updated: 2024-09-16 16:33
    VLAI
    Summary
    SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php.  NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5272",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php.  NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5272",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2014-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:53.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3199 (GCVE-0-2011-3199)

    Vulnerability from nvd – Published: 2014-03-20 19:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the "Domain root TXT record:" field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:56.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the \"Domain root TXT record:\" field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T18:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3199",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the \"Domain root TXT record:\" field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3199",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:56.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3198 (GCVE-0-2011-3198)

    Vulnerability from nvd – Published: 2014-03-20 19:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:55.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637537"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T18:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637537"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3198",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637537",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637537"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3198",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:55.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3197 (GCVE-0-2011-3197)

    Vulnerability from nvd – Published: 2014-03-20 19:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:55.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487"
              },
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php.  NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T18:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487"
            },
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3197",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php.  NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487"
                },
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3197",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:55.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3196 (GCVE-0-2011-3196)

    Vulnerability from nvd – Published: 2014-03-20 19:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:55.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637485"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T18:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637485"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637485",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637485"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3196",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:55.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3195 (GCVE-0-2011-3195)

    Vulnerability from nvd – Published: 2014-03-20 19:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:55.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T18:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3195",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:55.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0437 (GCVE-0-2011-0437)

    Vulnerability from nvd – Published: 2011-03-07 20:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:08.958Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "43523",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43523"
              },
              {
                "name": "ADV-2011-0556",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0556"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=9b75112fc12fead5740b1aaf0df562b5a9045ec0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
              },
              {
                "name": "DSA-2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2179"
              },
              {
                "name": "dtc-ssh-sec-bypass(65897)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65897"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
              },
              {
                "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=c97ab4ae43945de36534c40004d713b3b10113db"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "43523",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43523"
            },
            {
              "name": "ADV-2011-0556",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0556"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=9b75112fc12fead5740b1aaf0df562b5a9045ec0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
            },
            {
              "name": "DSA-2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2179"
            },
            {
              "name": "dtc-ssh-sec-bypass(65897)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65897"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
            },
            {
              "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=c97ab4ae43945de36534c40004d713b3b10113db"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0437",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "43523",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43523"
                },
                {
                  "name": "ADV-2011-0556",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0556"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=9b75112fc12fead5740b1aaf0df562b5a9045ec0",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=9b75112fc12fead5740b1aaf0df562b5a9045ec0"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
                },
                {
                  "name": "DSA-2179",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2179"
                },
                {
                  "name": "dtc-ssh-sec-bypass(65897)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65897"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
                },
                {
                  "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                  "refsource": "MLIST",
                  "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=c97ab4ae43945de36534c40004d713b3b10113db",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=c97ab4ae43945de36534c40004d713b3b10113db"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0437",
        "datePublished": "2011-03-07T20:00:00.000Z",
        "dateReserved": "2011-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:08.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0436 (GCVE-0-2011-0436)

    Vulnerability from nvd – Published: 2011-03-07 20:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:08.977Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "43523",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43523"
              },
              {
                "name": "ADV-2011-0556",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0556"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
              },
              {
                "name": "[oss-security] 20110222 CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/02/22/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=adffff7efb3687ff465ee0552a944dd3109f3cb0"
              },
              {
                "name": "DSA-2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2179"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=f8e3b2d7cc2da313addc05394568ab9599499285"
              },
              {
                "name": "dtc-passwords-info-disc(65898)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65898"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
              },
              {
                "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "43523",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43523"
            },
            {
              "name": "ADV-2011-0556",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0556"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
            },
            {
              "name": "[oss-security] 20110222 CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/02/22/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=adffff7efb3687ff465ee0552a944dd3109f3cb0"
            },
            {
              "name": "DSA-2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2179"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=f8e3b2d7cc2da313addc05394568ab9599499285"
            },
            {
              "name": "dtc-passwords-info-disc(65898)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65898"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
            },
            {
              "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0436",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "43523",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43523"
                },
                {
                  "name": "ADV-2011-0556",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0556"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
                },
                {
                  "name": "[oss-security] 20110222 CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/02/22/1"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=adffff7efb3687ff465ee0552a944dd3109f3cb0",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=adffff7efb3687ff465ee0552a944dd3109f3cb0"
                },
                {
                  "name": "DSA-2179",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2179"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=f8e3b2d7cc2da313addc05394568ab9599499285",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=f8e3b2d7cc2da313addc05394568ab9599499285"
                },
                {
                  "name": "dtc-passwords-info-disc(65898)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65898"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
                },
                {
                  "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                  "refsource": "MLIST",
                  "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0436",
        "datePublished": "2011-03-07T20:00:00.000Z",
        "dateReserved": "2011-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:08.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0435 (GCVE-0-2011-0435)

    Vulnerability from nvd – Published: 2011-03-07 20:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:09.073Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "43523",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43523"
              },
              {
                "name": "ADV-2011-0556",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0556"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
              },
              {
                "name": "DSA-2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2179"
              },
              {
                "name": "dtc-bwpermonth-info-disc(65896)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65896"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=e94e8b9cc354bfcaeb284d5331b815256bb46162"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
              },
              {
                "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "43523",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43523"
            },
            {
              "name": "ADV-2011-0556",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0556"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
            },
            {
              "name": "DSA-2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2179"
            },
            {
              "name": "dtc-bwpermonth-info-disc(65896)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65896"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=e94e8b9cc354bfcaeb284d5331b815256bb46162"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
            },
            {
              "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0435",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "43523",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43523"
                },
                {
                  "name": "ADV-2011-0556",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0556"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
                },
                {
                  "name": "DSA-2179",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2179"
                },
                {
                  "name": "dtc-bwpermonth-info-disc(65896)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65896"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
                },
                {
                  "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                  "refsource": "MLIST",
                  "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0435",
        "datePublished": "2011-03-07T20:00:00.000Z",
        "dateReserved": "2011-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:09.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0434 (GCVE-0-2011-0434)

    Vulnerability from nvd – Published: 2011-03-07 20:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:09.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "43523",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43523"
              },
              {
                "name": "ADV-2011-0556",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0556"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
              },
              {
                "name": "dtc-cid-sql-injection(65895)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
              },
              {
                "name": "DSA-2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2179"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=e94e8b9cc354bfcaeb284d5331b815256bb46162"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
              },
              {
                "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "43523",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43523"
            },
            {
              "name": "ADV-2011-0556",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0556"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
            },
            {
              "name": "dtc-cid-sql-injection(65895)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
            },
            {
              "name": "DSA-2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2179"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=e94e8b9cc354bfcaeb284d5331b815256bb46162"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
            },
            {
              "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0434",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "43523",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43523"
                },
                {
                  "name": "ADV-2011-0556",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0556"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
                },
                {
                  "name": "dtc-cid-sql-injection(65895)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65895"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
                },
                {
                  "name": "DSA-2179",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2179"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
                },
                {
                  "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                  "refsource": "MLIST",
                  "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0434",
        "datePublished": "2011-03-07T20:00:00.000Z",
        "dateReserved": "2011-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:09.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0402 (GCVE-0-2009-0402)

    Vulnerability from nvd – Published: 2009-02-03 19:00 – Updated: 2024-08-07 04:31
    VLAI
    Summary
    SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/33496 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://freshmeat.net/projects/dtc/?branch_id=2275… x_refsource_CONFIRM
    http://osvdb.org/51631 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/33698 third-party-advisoryx_refsource_SECUNIA
    http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=comm… x_refsource_CONFIRM
    Date Public
    2009-01-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:31:26.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33496",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33496"
              },
              {
                "name": "domaintechnologie-newaccount-sql-injection(48292)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48292"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://freshmeat.net/projects/dtc/?branch_id=22759\u0026release_id=292973"
              },
              {
                "name": "51631",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51631"
              },
              {
                "name": "33698",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33698"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=056e1d1849ff3aa183a410e2aab1c1c3e969247d"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "33496",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33496"
            },
            {
              "name": "domaintechnologie-newaccount-sql-injection(48292)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48292"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://freshmeat.net/projects/dtc/?branch_id=22759\u0026release_id=292973"
            },
            {
              "name": "51631",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51631"
            },
            {
              "name": "33698",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33698"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=056e1d1849ff3aa183a410e2aab1c1c3e969247d"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0402",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33496",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33496"
                },
                {
                  "name": "domaintechnologie-newaccount-sql-injection(48292)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48292"
                },
                {
                  "name": "http://freshmeat.net/projects/dtc/?branch_id=22759\u0026release_id=292973",
                  "refsource": "CONFIRM",
                  "url": "http://freshmeat.net/projects/dtc/?branch_id=22759\u0026release_id=292973"
                },
                {
                  "name": "51631",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51631"
                },
                {
                  "name": "33698",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33698"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=056e1d1849ff3aa183a410e2aab1c1c3e969247d",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=056e1d1849ff3aa183a410e2aab1c1c3e969247d"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0402",
        "datePublished": "2009-02-03T19:00:00.000Z",
        "dateReserved": "2009-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:31:26.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3195 (GCVE-0-2011-3195)

    Vulnerability from cvelistv5 – Published: 2014-03-20 19:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:55.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T18:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637477"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3195",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:55.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3198 (GCVE-0-2011-3198)

    Vulnerability from cvelistv5 – Published: 2014-03-20 19:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:55.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637537"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T18:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637537"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3198",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process and its arguments."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637537",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637537"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3198",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:55.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5272 (GCVE-0-2011-5272)

    Vulnerability from cvelistv5 – Published: 2014-03-20 19:00 – Updated: 2024-09-16 16:33
    VLAI
    Summary
    SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php.  NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5272",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php.  NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5272",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2014-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:53.967Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3196 (GCVE-0-2011-3196)

    Vulnerability from cvelistv5 – Published: 2014-03-20 19:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:55.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637485"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T18:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637485"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637485",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637485"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3196",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:55.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5273 (GCVE-0-2011-5273)

    Vulnerability from cvelistv5 – Published: 2014-03-20 19:00 – Updated: 2024-09-16 16:13
    VLAI
    Summary
    Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5273",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637629"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5273",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2014-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:13:59.802Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5275 (GCVE-0-2011-5275)

    Vulnerability from cvelistv5 – Published: 2014-03-20 19:00 – Updated: 2024-09-16 23:11
    VLAI
    Summary
    The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5275",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5275",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2014-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:11:36.243Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3199 (GCVE-0-2011-3199)

    Vulnerability from cvelistv5 – Published: 2014-03-20 19:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the "Domain root TXT record:" field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:56.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the \"Domain root TXT record:\" field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T18:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3199",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the \"Domain root TXT record:\" field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3199",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:56.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3197 (GCVE-0-2011-3197)

    Vulnerability from cvelistv5 – Published: 2014-03-20 19:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:55.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487"
              },
              {
                "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
              },
              {
                "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php.  NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T18:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487"
            },
            {
              "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
            },
            {
              "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3197",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php.  NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637487"
                },
                {
                  "name": "[oss-security] 20110813 Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/13/1"
                },
                {
                  "name": "[oss-security] 20110824 Re: Re: CVE request: multiple vulnerabilities in dtc",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/24/10"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637498"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3197",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:55.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5276 (GCVE-0-2011-5276)

    Vulnerability from cvelistv5 – Published: 2014-03-20 19:00 – Updated: 2024-09-16 20:53
    VLAI
    Summary
    SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:47.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925bb866ed972a5f07c2de64"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec9970db76b82295e9003ca34cecab8d629da4f%3Bhb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925bb866ed972a5f07c2de64"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec9970db76b82295e9003ca34cecab8d629da4f%3Bhb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5276",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637632"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5276",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2014-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:53:26.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5274 (GCVE-0-2011-5274)

    Vulnerability from cvelistv5 – Published: 2014-03-20 19:00 – Updated: 2024-09-16 16:47
    VLAI
    Summary
    The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925bb866ed972a5f07c2de64"
              },
              {
                "name": "DSA-2365",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2365"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec9970db76b82295e9003ca34cecab8d629da4f%3Bhb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-20T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=541d8457a6989a1a925bb866ed972a5f07c2de64"
            },
            {
              "name": "DSA-2365",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2365"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bh=dec9970db76b82295e9003ca34cecab8d629da4f%3Bhb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5274",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64"
                },
                {
                  "name": "DSA-2365",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2365"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5274",
        "datePublished": "2014-03-20T19:00:00.000Z",
        "dateReserved": "2014-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:47:43.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0437 (GCVE-0-2011-0437)

    Vulnerability from cvelistv5 – Published: 2011-03-07 20:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:08.958Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "43523",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43523"
              },
              {
                "name": "ADV-2011-0556",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0556"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=9b75112fc12fead5740b1aaf0df562b5a9045ec0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
              },
              {
                "name": "DSA-2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2179"
              },
              {
                "name": "dtc-ssh-sec-bypass(65897)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65897"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
              },
              {
                "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=c97ab4ae43945de36534c40004d713b3b10113db"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "43523",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43523"
            },
            {
              "name": "ADV-2011-0556",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0556"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=9b75112fc12fead5740b1aaf0df562b5a9045ec0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
            },
            {
              "name": "DSA-2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2179"
            },
            {
              "name": "dtc-ssh-sec-bypass(65897)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65897"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
            },
            {
              "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=c97ab4ae43945de36534c40004d713b3b10113db"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0437",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "43523",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43523"
                },
                {
                  "name": "ADV-2011-0556",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0556"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=9b75112fc12fead5740b1aaf0df562b5a9045ec0",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=9b75112fc12fead5740b1aaf0df562b5a9045ec0"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
                },
                {
                  "name": "DSA-2179",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2179"
                },
                {
                  "name": "dtc-ssh-sec-bypass(65897)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65897"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
                },
                {
                  "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                  "refsource": "MLIST",
                  "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=c97ab4ae43945de36534c40004d713b3b10113db",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=c97ab4ae43945de36534c40004d713b3b10113db"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0437",
        "datePublished": "2011-03-07T20:00:00.000Z",
        "dateReserved": "2011-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:08.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0434 (GCVE-0-2011-0434)

    Vulnerability from cvelistv5 – Published: 2011-03-07 20:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:09.059Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "43523",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43523"
              },
              {
                "name": "ADV-2011-0556",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0556"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
              },
              {
                "name": "dtc-cid-sql-injection(65895)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
              },
              {
                "name": "DSA-2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2179"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=e94e8b9cc354bfcaeb284d5331b815256bb46162"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
              },
              {
                "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "43523",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43523"
            },
            {
              "name": "ADV-2011-0556",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0556"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
            },
            {
              "name": "dtc-cid-sql-injection(65895)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
            },
            {
              "name": "DSA-2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2179"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=e94e8b9cc354bfcaeb284d5331b815256bb46162"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
            },
            {
              "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0434",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "43523",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43523"
                },
                {
                  "name": "ADV-2011-0556",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0556"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
                },
                {
                  "name": "dtc-cid-sql-injection(65895)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65895"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
                },
                {
                  "name": "DSA-2179",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2179"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
                },
                {
                  "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                  "refsource": "MLIST",
                  "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0434",
        "datePublished": "2011-03-07T20:00:00.000Z",
        "dateReserved": "2011-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:09.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0435 (GCVE-0-2011-0435)

    Vulnerability from cvelistv5 – Published: 2011-03-07 20:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:09.073Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "43523",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43523"
              },
              {
                "name": "ADV-2011-0556",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0556"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
              },
              {
                "name": "DSA-2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2179"
              },
              {
                "name": "dtc-bwpermonth-info-disc(65896)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65896"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=e94e8b9cc354bfcaeb284d5331b815256bb46162"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
              },
              {
                "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "43523",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43523"
            },
            {
              "name": "ADV-2011-0556",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0556"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
            },
            {
              "name": "DSA-2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2179"
            },
            {
              "name": "dtc-bwpermonth-info-disc(65896)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65896"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=e94e8b9cc354bfcaeb284d5331b815256bb46162"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
            },
            {
              "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0435",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "43523",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43523"
                },
                {
                  "name": "ADV-2011-0556",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0556"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e"
                },
                {
                  "name": "DSA-2179",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2179"
                },
                {
                  "name": "dtc-bwpermonth-info-disc(65896)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65896"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
                },
                {
                  "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                  "refsource": "MLIST",
                  "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0435",
        "datePublished": "2011-03-07T20:00:00.000Z",
        "dateReserved": "2011-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:09.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0436 (GCVE-0-2011-0436)

    Vulnerability from cvelistv5 – Published: 2011-03-07 20:00 – Updated: 2024-08-06 21:51
    VLAI
    Summary
    The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:51:08.977Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "43523",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43523"
              },
              {
                "name": "ADV-2011-0556",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0556"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
              },
              {
                "name": "[oss-security] 20110222 CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/02/22/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=adffff7efb3687ff465ee0552a944dd3109f3cb0"
              },
              {
                "name": "DSA-2179",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2179"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=f8e3b2d7cc2da313addc05394568ab9599499285"
              },
              {
                "name": "dtc-passwords-info-disc(65898)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65898"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
              },
              {
                "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "43523",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43523"
            },
            {
              "name": "ADV-2011-0556",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0556"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
            },
            {
              "name": "[oss-security] 20110222 CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/02/22/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=adffff7efb3687ff465ee0552a944dd3109f3cb0"
            },
            {
              "name": "DSA-2179",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2179"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=f8e3b2d7cc2da313addc05394568ab9599499285"
            },
            {
              "name": "dtc-passwords-info-disc(65898)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65898"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
            },
            {
              "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0436",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "43523",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43523"
                },
                {
                  "name": "ADV-2011-0556",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0556"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog"
                },
                {
                  "name": "[oss-security] 20110222 CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/02/22/1"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=adffff7efb3687ff465ee0552a944dd3109f3cb0",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=adffff7efb3687ff465ee0552a944dd3109f3cb0"
                },
                {
                  "name": "DSA-2179",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2179"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=f8e3b2d7cc2da313addc05394568ab9599499285",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=f8e3b2d7cc2da313addc05394568ab9599499285"
                },
                {
                  "name": "dtc-passwords-info-disc(65898)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65898"
                },
                {
                  "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog",
                  "refsource": "CONFIRM",
                  "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog"
                },
                {
                  "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update",
                  "refsource": "MLIST",
                  "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0436",
        "datePublished": "2011-03-07T20:00:00.000Z",
        "dateReserved": "2011-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:51:08.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0402 (GCVE-0-2009-0402)

    Vulnerability from cvelistv5 – Published: 2009-02-03 19:00 – Updated: 2024-08-07 04:31
    VLAI
    Summary
    SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/33496 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://freshmeat.net/projects/dtc/?branch_id=2275… x_refsource_CONFIRM
    http://osvdb.org/51631 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/33698 third-party-advisoryx_refsource_SECUNIA
    http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=comm… x_refsource_CONFIRM
    Date Public
    2009-01-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:31:26.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33496",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33496"
              },
              {
                "name": "domaintechnologie-newaccount-sql-injection(48292)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48292"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://freshmeat.net/projects/dtc/?branch_id=22759\u0026release_id=292973"
              },
              {
                "name": "51631",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51631"
              },
              {
                "name": "33698",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33698"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=056e1d1849ff3aa183a410e2aab1c1c3e969247d"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "33496",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33496"
            },
            {
              "name": "domaintechnologie-newaccount-sql-injection(48292)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48292"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://freshmeat.net/projects/dtc/?branch_id=22759\u0026release_id=292973"
            },
            {
              "name": "51631",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51631"
            },
            {
              "name": "33698",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33698"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=056e1d1849ff3aa183a410e2aab1c1c3e969247d"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0402",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33496",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33496"
                },
                {
                  "name": "domaintechnologie-newaccount-sql-injection(48292)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48292"
                },
                {
                  "name": "http://freshmeat.net/projects/dtc/?branch_id=22759\u0026release_id=292973",
                  "refsource": "CONFIRM",
                  "url": "http://freshmeat.net/projects/dtc/?branch_id=22759\u0026release_id=292973"
                },
                {
                  "name": "51631",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51631"
                },
                {
                  "name": "33698",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33698"
                },
                {
                  "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=056e1d1849ff3aa183a410e2aab1c1c3e969247d",
                  "refsource": "CONFIRM",
                  "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=056e1d1849ff3aa183a410e2aab1c1c3e969247d"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0402",
        "datePublished": "2009-02-03T19:00:00.000Z",
        "dateReserved": "2009-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:31:26.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }