|From the Debian advisory:
Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple
vulnerabilities in DTC, a web control panel for admin and accounting
A possible shell insertion has been found in the mailing list
Unix rights for the apache2.conf were set incorrectly (world
Incorrect input sanitising for the $_SERVER["addrlink"] parameter
could lead to SQL insertion.
DTC was using the -b option of htpasswd, possibly revealing
password in clear text using ps or reading /proc.
in the DNS & MX section of the user panel.