CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2006-3426
https://notcve.org/view.php?id=CVE-2006-3426
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components. Vulnerabilidad de salto de directorio en (a) PatchLink Update Server (PLUS) anterior a v6.1 P1 y v6.2.x enterior a v6.2 SR1 P1 y (b) Novell ZENworks 6.2 SR1 y anteriores, permite a atacantes remotos sobreescribir ficheros de su elección a través de una secuencia ..(punto punto) en los parámetros (1) action, (2) agentid, or (3) index al dagent/nwupload.asp, que es usado como el componente de nombre de ruta. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html http://secunia.com/advisories/20876 http://secunia.com/advisories/20878 http://securityreason.com/securityalert/1200 http://securitytracker.com/id?1016405 http://www.securityfocus.com/archive/1/438710/100/0/threaded http://www.securityfocus.com/bid/18732 http://www.vupen.com/english/advisories/2006/2595 http://www.vupen.com/english/advisories/2006/2596 •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2006-3430
https://notcve.org/view.php?id=CVE-2006-3430
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. Vulnerabilidad de inyección SQL en checkprofile.asp de (1) PatchLink Update Server (PLUS) versiones anteriores a 6.1 P1 y 6.2.x versiones anteriores a 6.2 SR1 P1 y (2) Novell ZENworks 6.2 SR1 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro agentid. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html http://secunia.com/advisories/20876 http://secunia.com/advisories/20878 http://securityreason.com/securityalert/1200 http://securitytracker.com/id?1016405 http://www.securityfocus.com/archive/1/438710/100/0/threaded http://www.securityfocus.com/bid/18715 http://www.vupen.com/english/advisories/2006/2595 http://www.vupen.com/english/advisories/2006/2596 https://exchange.xforce.ibmcloud.com/vulnerabilities/27545 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2006-3425
https://notcve.org/view.php?id=CVE-2006-3425
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters. FastPatch para (a) PatchLink Update Server (PLUS) versiones anteriores a 6.1 P1 y 6.2.x versiones anteriores a 6.2 SR1 P1, y (b) Novell ZENworks 6.2 SR y versiones anteiores, no requiere autenticación para dagent/proxyreg.asp, lo cual permite a atacantes remotos listar, añadir, o borrar servidores proxy PatchLink Distribution Point (PDP) a través de la modificación de los parámetros (1) List, (2) Proxy, o (3) Delete. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html http://secunia.com/advisories/20876 http://secunia.com/advisories/20878 http://securityreason.com/securityalert/1200 http://securitytracker.com/id?1016405 http://www.securityfocus.com/archive/1/438710/100/0/threaded http://www.securityfocus.com/bid/18723 http://www.vupen.com/english/advisories/2006/2595 http://www.vupen.com/english/advisories/2006/2596 •