OVAL

DSA-2179-1 dtc -- SQL injection

ID: oval:org.secpod.oval:def:600182
Date: (C)2011-03-10   (M)2023-11-09
Class: PATCH
Family: unix




Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services.

CVE-2011-0434: The bw_per_month.php graph contains an SQL injection vulnerability.

CVE-2011-0435: Insufficient checks in bw_per_month.php can lead to bandwidth usage information disclosure.

CVE-2011-0436: After a registration, passwords are sent in cleartext email messages.

CVE-2011-0437: Authenticated users could delete accounts using an obsolete interface which was incorrectly included in the package.

This update introduces a new configuration option which controls the presence of cleartext passwords in email messages. The default is not to include cleartext passwords.

Platform:
Debian 5.0
Product:
dtc
Reference:
DSA-2179-1
CVE-2011-0434
CVE-2011-0435
CVE-2011-0436
CVE-2011-0437
CPE    1
cpe:/o:debian:debian_linux:5.0

© SecPod Technologies