CVE Vulnerabilities

CVE-2006-3426

Published: Jul 07, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.

Affected Software

Name Vendor Start Version End Version
Zenworks Novell * 6.2
Patchlink_update_server Lumension 6.2.0.181 6.2.0.181
Patchlink_update_server Lumension 6.1 6.1
Patchlink_update_server Lumension 6.2.0.189 6.2.0.189

References