Domain Technologie Control Multiple Vulnerabilities

Domain Technologie Control is prone to the following vulnerabilities:

1. A command-injection vulnerability.
2. An information-disclosure vulnerability.
3. Multiple SQL-injection vulnerabilities.
4. A local file-include vulnerability.
5. A cross-site scripting vulnerability.
6. A privilege-escalation vulnerability.

Exploiting these issues can allow attackers to execute arbitrary commands in the context of the application, obtain sensitive information that may aid in further attacks, manipulate the SQL query logic to carry out unauthorized actions on the underlying database, view and execute arbitrary local files in the context of the webserver process, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site (which may allow the attacker to steal cookie-based authentication credentials and gain elevated privileges on the affected computer).


 

Privacy Statement
Copyright 2010, SecurityFocus