FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-0434

This CVE name corresponds to:

Entered Topic
2011-08-13 dtc -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2011-0434 at cve.mitre.org

Details

Type Candidate
Name CVE-2011-0434
Phase Assigned(20110112)

Description

Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.

References

Source Reference
MLIST [dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update
CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e
CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162
CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog
CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog
DEBIAN DSA-2179
SECUNIA 43523
VUPEN ADV-2011-0556
XF dtc-cid-sql-injection(65895)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.