[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-0437Date: (C)2011-03-07   (M)2023-12-22


shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 8.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-43523
ADV-2011-0556
DSA-2179
http://www.gplhost.sg/lists/dtcannounce/msg00025.html
dtc-ssh-sec-bypass(65897)
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=9b75112fc12fead5740b1aaf0df562b5a9045ec0
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=c97ab4ae43945de36534c40004d713b3b10113db
http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog
http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog

CWE    1
CWE-264
OVAL    1
oval:org.secpod.oval:def:600182

© SecPod Technologies