Debian Security Advisory DSA 2179-1 (dtc)

Summary
The remote host is missing an update to dtc announced via advisory DSA 2179-1.
Solution
For the oldstable distribution (lenny), this problem has been fixed in version 0.29.17-1+lenny1. The stable distribution (squeeze) and the testing distribution (wheezy) do not contain any dtc packages. For the unstable distribution (sid), this problem has been fixed in version 0.32.10-1. We recommend that you upgrade your dtc packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202179-1
Insight
Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services.

CVE-2011-0434: The bw_per_month.php graph contains an SQL injection vulnerability.

CVE-2011-0435: Insufficient checks in bw_per_month.php can lead to bandwidth usage information disclosure.

CVE-2011-0436: After a registration, passwords are sent in cleartext email messages.

CVE-2011-0437: Authenticated users could delete accounts using an obsolete interface which was incorrectly included in the package.

This update introduces a new configuration option which controls the presence of cleartext passwords in email messages. The default is not to include cleartext passwords.