Search
Find a vulnerability
Search criteria
6 vulnerabilities by lumension
CVE-2006-3430 (GCVE-0-2006-3430)
Vulnerability from nvd – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
VLAI
Summary
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/438710/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/20876 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/20878 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18715 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/1200 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/2596 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2006/2595 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1016405 | vdb-entryx_refsource_SECTRACK |
Date Public
2006-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "18715",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18715"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "patchlink-checkprofile-sql-injection(27545)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016405"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "18715",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18715"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "patchlink-checkprofile-sql-injection(27545)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016405"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20878"
},
{
"name": "18715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18715"
},
{
"name": "1200",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "patchlink-checkprofile-sql-injection(27545)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
},
{
"name": "ADV-2006-2596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016405"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3430",
"datePublished": "2006-07-07T00:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:33.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3426 (GCVE-0-2006-3426)
Vulnerability from nvd – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
VLAI
Summary
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/18732 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/438710/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/20876 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/20878 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/1200 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2006/2596 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2006/2595 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1016405 | vdb-entryx_refsource_SECTRACK |
Date Public
2006-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "18732",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18732"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016405"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "18732",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18732"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016405"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "18732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18732"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016405"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3426",
"datePublished": "2006-07-07T00:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:33.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3425 (GCVE-0-2006-3425)
Vulnerability from nvd – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
VLAI
Summary
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/438710/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/20876 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/20878 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/1200 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2006/2596 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2006/2595 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1016405 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/18723 | vdb-entryx_refsource_BID |
Date Public
2006-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016405"
},
{
"name": "18723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18723"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016405"
},
{
"name": "18723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18723"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016405"
},
{
"name": "18723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18723"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3425",
"datePublished": "2006-07-07T00:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:33.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3430 (GCVE-0-2006-3430)
Vulnerability from cvelistv5 – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
VLAI
Summary
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/438710/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/20876 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/20878 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/18715 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/1200 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/2596 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2006/2595 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1016405 | vdb-entryx_refsource_SECTRACK |
Date Public
2006-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "18715",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18715"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "patchlink-checkprofile-sql-injection(27545)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016405"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "18715",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18715"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "patchlink-checkprofile-sql-injection(27545)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016405"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20878"
},
{
"name": "18715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18715"
},
{
"name": "1200",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "patchlink-checkprofile-sql-injection(27545)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
},
{
"name": "ADV-2006-2596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016405"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3430",
"datePublished": "2006-07-07T00:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:33.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3426 (GCVE-0-2006-3426)
Vulnerability from cvelistv5 – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
VLAI
Summary
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/bid/18732 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/438710/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/20876 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/20878 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/1200 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2006/2596 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2006/2595 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1016405 | vdb-entryx_refsource_SECTRACK |
Date Public
2006-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "18732",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18732"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016405"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "18732",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18732"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016405"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "18732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18732"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016405"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3426",
"datePublished": "2006-07-07T00:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:33.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3425 (GCVE-0-2006-3425)
Vulnerability from cvelistv5 – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
VLAI
Summary
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/438710/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/20876 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/20878 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/1200 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2006/2596 | vdb-entryx_refsource_VUPEN |
| http://www.vupen.com/english/advisories/2006/2595 | vdb-entryx_refsource_VUPEN |
| http://securitytracker.com/id?1016405 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/18723 | vdb-entryx_refsource_BID |
Date Public
2006-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016405"
},
{
"name": "18723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18723"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016405"
},
{
"name": "18723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18723"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
},
{
"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
},
{
"name": "20876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20876"
},
{
"name": "20878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20878"
},
{
"name": "1200",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1200"
},
{
"name": "ADV-2006-2596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2596"
},
{
"name": "ADV-2006-2595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2595"
},
{
"name": "1016405",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016405"
},
{
"name": "18723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18723"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3425",
"datePublished": "2006-07-07T00:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:33.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}