CVSS: 7.5 | EPSS: 3% | CPEs: 4 | EXPL: 0

07 Jul 2006 — FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html

CVSS: 7.5 | EPSS: 2% | CPEs: 4 | EXPL: 0

07 Jul 2006 — Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html

CVSS: 9.8 | EPSS: 3% | CPEs: 4 | EXPL: 0

07 Jul 2006 — SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')