CVE-2022-38757 – CVE-2022-38757 ZENworks
https://notcve.org/view.php?id=CVE-2022-38757
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator. Se ha identificado una vulnerabilidad en Micro Focus ZENworks 2020 Update 3a y versiones anteriores. Esta vulnerabilidad permite a los administradores con derechos para realizar acciones (por ejemplo, instalar un paquete) en un conjunto de dispositivos administrados, poder ejercer estos derechos en dispositivos administrados en la zona de ZENworks pero que están fuera del alcance del administrador. • https://kmviewer.saas.microfocus.com/#/PH_206719 https://kmviewer.saas.microfocus.com/#/PH_206720 https://portal.microfocus.com/s/article/KM000012895?language=en_US • CWE-269: Improper Privilege Management •
CVE-2006-3430
https://notcve.org/view.php?id=CVE-2006-3430
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. Vulnerabilidad de inyección SQL en checkprofile.asp de (1) PatchLink Update Server (PLUS) versiones anteriores a 6.1 P1 y 6.2.x versiones anteriores a 6.2 SR1 P1 y (2) Novell ZENworks 6.2 SR1 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro agentid. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html http://secunia.com/advisories/20876 http://secunia.com/advisories/20878 http://securityreason.com/securityalert/1200 http://securitytracker.com/id?1016405 http://www.securityfocus.com/archive/1/438710/100/0/threaded http://www.securityfocus.com/bid/18715 http://www.vupen.com/english/advisories/2006/2595 http://www.vupen.com/english/advisories/2006/2596 https://exchange.xforce.ibmcloud.com/vulnerabilities/27545 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2006-3425
https://notcve.org/view.php?id=CVE-2006-3425
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters. FastPatch para (a) PatchLink Update Server (PLUS) versiones anteriores a 6.1 P1 y 6.2.x versiones anteriores a 6.2 SR1 P1, y (b) Novell ZENworks 6.2 SR y versiones anteiores, no requiere autenticación para dagent/proxyreg.asp, lo cual permite a atacantes remotos listar, añadir, o borrar servidores proxy PatchLink Distribution Point (PDP) a través de la modificación de los parámetros (1) List, (2) Proxy, o (3) Delete. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html http://secunia.com/advisories/20876 http://secunia.com/advisories/20878 http://securityreason.com/securityalert/1200 http://securitytracker.com/id?1016405 http://www.securityfocus.com/archive/1/438710/100/0/threaded http://www.securityfocus.com/bid/18723 http://www.vupen.com/english/advisories/2006/2595 http://www.vupen.com/english/advisories/2006/2596 •
CVE-2006-3426
https://notcve.org/view.php?id=CVE-2006-3426
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components. Vulnerabilidad de salto de directorio en (a) PatchLink Update Server (PLUS) anterior a v6.1 P1 y v6.2.x enterior a v6.2 SR1 P1 y (b) Novell ZENworks 6.2 SR1 y anteriores, permite a atacantes remotos sobreescribir ficheros de su elección a través de una secuencia ..(punto punto) en los parámetros (1) action, (2) agentid, or (3) index al dagent/nwupload.asp, que es usado como el componente de nombre de ruta. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html http://secunia.com/advisories/20876 http://secunia.com/advisories/20878 http://securityreason.com/securityalert/1200 http://securitytracker.com/id?1016405 http://www.securityfocus.com/archive/1/438710/100/0/threaded http://www.securityfocus.com/bid/18732 http://www.vupen.com/english/advisories/2006/2595 http://www.vupen.com/english/advisories/2006/2596 •