Lucene search
GoogleOSV:DSA-2179-1HistoryMar 02, 2011 - 12:00 a.m.
dtc - SQL injection
2011-03-0200:00:00
Google
osv.dev
10
EPSS
0.007
Percentile
80.4%
Ansgar Burchardt discovered several vulnerabilities in DTC, a web
control panel for admin and accounting hosting services.
- CVE-2011-0434
The bw_per_moth.php graph contains an SQL injection vulnerability. - CVE-2011-0435
Insufficient checks in bw_per_month.php can lead to bandwidth
usage information disclosure. - CVE-2011-0436
After a registration, passwords are sent in cleartext
email messages. - CVE-2011-0437
Authenticated users could delete accounts using an obsolete
interface which was incorrectly included in the package.
This update introduces a new configuration option which controls the
presence of cleartext passwords in email messages. The default is not
to include cleartext passwords.
For the oldstable distribution (lenny), this problem has been fixed in
version 0.29.17-1+lenny1.
The stable distribution (squeeze) and the testing distribution
(wheezy) do not contain any dtc packages.
For the unstable distribution (sid), this problem has been fixed in
version 0.32.10-1.
We recommend that you upgrade your dtc packages.
References
Related
freebsd
freebsd
dtc -- multiple vulnerabilities
2011-03-02 00:00:00
openvas
openvas
FreeBSD Ports: dtc
2011-09-21 00:00:00
FreeBSD Ports: dtc
2011-09-21 00:00:00
Debian: Security Advisory (DSA-2179-1)
2011-03-09 00:00:00
nessus
nessus
Debian DSA-2179-1 : dtc - SQL injection
2011-03-03 00:00:00
debian
debian
[SECURITY] [DSA 2179-1] dtc security update
2011-03-02 20:57:25
securityvulns
securityvulns
[SECURITY] [DSA 2179-1] dtc security update
2011-03-03 00:00:00
prion
prion
Design/Logic Flaw
2011-03-07 21:00:00
Design/Logic Flaw
2011-03-07 21:00:00
Sql injection
2011-03-07 21:00:00
cve
cve
nvd
nvd
cvelist
cvelist
ubuntucve
ubuntucve