CVE-2006-6299
https://notcve.org/view.php?id=CVE-2006-6299
Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow. Desbordamiento de entero en Msg.dll en Novell ZENworks 7 Asset Management (ZAM) anterior al SP1 IR11 y el cliente Collection permiten a atacantes remotos ejecutar código de su elección mediante paquetes artesanales, que provocan un desbordamiento de búfer basado en pila. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=447 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=448 http://secunia.com/advisories/23157 http://securitytracker.com/id?1017326 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974824.htm http://www.securityfocus.com/bid/21395 http://www.securityfocus.com/bid/21400 http://www.vupen.com/english/advisories/2006/4829 https://exchange.xforce.ibmcloud.com/vulnerabilities/30665 •
CVE-2006-3430
https://notcve.org/view.php?id=CVE-2006-3430
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. Vulnerabilidad de inyección SQL en checkprofile.asp de (1) PatchLink Update Server (PLUS) versiones anteriores a 6.1 P1 y 6.2.x versiones anteriores a 6.2 SR1 P1 y (2) Novell ZENworks 6.2 SR1 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro agentid. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html http://secunia.com/advisories/20876 http://secunia.com/advisories/20878 http://securityreason.com/securityalert/1200 http://securitytracker.com/id?1016405 http://www.securityfocus.com/archive/1/438710/100/0/threaded http://www.securityfocus.com/bid/18715 http://www.vupen.com/english/advisories/2006/2595 http://www.vupen.com/english/advisories/2006/2596 https://exchange.xforce.ibmcloud.com/vulnerabilities/27545 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2006-3425
https://notcve.org/view.php?id=CVE-2006-3425
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters. FastPatch para (a) PatchLink Update Server (PLUS) versiones anteriores a 6.1 P1 y 6.2.x versiones anteriores a 6.2 SR1 P1, y (b) Novell ZENworks 6.2 SR y versiones anteiores, no requiere autenticación para dagent/proxyreg.asp, lo cual permite a atacantes remotos listar, añadir, o borrar servidores proxy PatchLink Distribution Point (PDP) a través de la modificación de los parámetros (1) List, (2) Proxy, o (3) Delete. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html http://secunia.com/advisories/20876 http://secunia.com/advisories/20878 http://securityreason.com/securityalert/1200 http://securitytracker.com/id?1016405 http://www.securityfocus.com/archive/1/438710/100/0/threaded http://www.securityfocus.com/bid/18723 http://www.vupen.com/english/advisories/2006/2595 http://www.vupen.com/english/advisories/2006/2596 •
CVE-2006-3426
https://notcve.org/view.php?id=CVE-2006-3426
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components. Vulnerabilidad de salto de directorio en (a) PatchLink Update Server (PLUS) anterior a v6.1 P1 y v6.2.x enterior a v6.2 SR1 P1 y (b) Novell ZENworks 6.2 SR1 y anteriores, permite a atacantes remotos sobreescribir ficheros de su elección a través de una secuencia ..(punto punto) en los parámetros (1) action, (2) agentid, or (3) index al dagent/nwupload.asp, que es usado como el componente de nombre de ruta. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html http://secunia.com/advisories/20876 http://secunia.com/advisories/20878 http://securityreason.com/securityalert/1200 http://securitytracker.com/id?1016405 http://www.securityfocus.com/archive/1/438710/100/0/threaded http://www.securityfocus.com/bid/18732 http://www.vupen.com/english/advisories/2006/2595 http://www.vupen.com/english/advisories/2006/2596 •
CVE-2005-3786
https://notcve.org/view.php?id=CVE-2005-3786
Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. • http://secunia.com/advisories/17700 http://securitytracker.com/id?1015260 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098818.htm http://www.securityfocus.com/bid/15540 http://www.vupen.com/english/advisories/2005/2544 •