Search

Find a vulnerability

Search criteria

    6 vulnerabilities by lumension

    CVE-2006-3430 (GCVE-0-2006-3430)

    Vulnerability from nvd – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/438710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/20876 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/20878 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/18715 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/1200 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/2596 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2006/2595 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1016405 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:33.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
              },
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
              },
              {
                "name": "20876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20876"
              },
              {
                "name": "20878",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20878"
              },
              {
                "name": "18715",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18715"
              },
              {
                "name": "1200",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1200"
              },
              {
                "name": "patchlink-checkprofile-sql-injection(27545)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
              },
              {
                "name": "ADV-2006-2596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2596"
              },
              {
                "name": "ADV-2006-2595",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2595"
              },
              {
                "name": "1016405",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016405"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
            },
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
            },
            {
              "name": "20876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20876"
            },
            {
              "name": "20878",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20878"
            },
            {
              "name": "18715",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18715"
            },
            {
              "name": "1200",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1200"
            },
            {
              "name": "patchlink-checkprofile-sql-injection(27545)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
            },
            {
              "name": "ADV-2006-2596",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2596"
            },
            {
              "name": "ADV-2006-2595",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2595"
            },
            {
              "name": "1016405",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016405"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3430",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
                },
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
                },
                {
                  "name": "20876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20876"
                },
                {
                  "name": "20878",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20878"
                },
                {
                  "name": "18715",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18715"
                },
                {
                  "name": "1200",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1200"
                },
                {
                  "name": "patchlink-checkprofile-sql-injection(27545)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
                },
                {
                  "name": "ADV-2006-2596",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2596"
                },
                {
                  "name": "ADV-2006-2595",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2595"
                },
                {
                  "name": "1016405",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016405"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3430",
        "datePublished": "2006-07-07T00:00:00.000Z",
        "dateReserved": "2006-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:33.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3426 (GCVE-0-2006-3426)

    Vulnerability from nvd – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/18732 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/438710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/20876 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/20878 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/1200 third-party-advisoryx_refsource_SREASON
    http://www.vupen.com/english/advisories/2006/2596 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2006/2595 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1016405 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:33.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
              },
              {
                "name": "18732",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18732"
              },
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
              },
              {
                "name": "20876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20876"
              },
              {
                "name": "20878",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20878"
              },
              {
                "name": "1200",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1200"
              },
              {
                "name": "ADV-2006-2596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2596"
              },
              {
                "name": "ADV-2006-2595",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2595"
              },
              {
                "name": "1016405",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016405"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
            },
            {
              "name": "18732",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18732"
            },
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
            },
            {
              "name": "20876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20876"
            },
            {
              "name": "20878",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20878"
            },
            {
              "name": "1200",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1200"
            },
            {
              "name": "ADV-2006-2596",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2596"
            },
            {
              "name": "ADV-2006-2595",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2595"
            },
            {
              "name": "1016405",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016405"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3426",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
                },
                {
                  "name": "18732",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18732"
                },
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
                },
                {
                  "name": "20876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20876"
                },
                {
                  "name": "20878",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20878"
                },
                {
                  "name": "1200",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1200"
                },
                {
                  "name": "ADV-2006-2596",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2596"
                },
                {
                  "name": "ADV-2006-2595",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2595"
                },
                {
                  "name": "1016405",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016405"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3426",
        "datePublished": "2006-07-07T00:00:00.000Z",
        "dateReserved": "2006-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:33.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3425 (GCVE-0-2006-3425)

    Vulnerability from nvd – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/438710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/20876 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/20878 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/1200 third-party-advisoryx_refsource_SREASON
    http://www.vupen.com/english/advisories/2006/2596 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2006/2595 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1016405 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/18723 vdb-entryx_refsource_BID
    Date Public
    2006-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:33.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
              },
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
              },
              {
                "name": "20876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20876"
              },
              {
                "name": "20878",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20878"
              },
              {
                "name": "1200",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1200"
              },
              {
                "name": "ADV-2006-2596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2596"
              },
              {
                "name": "ADV-2006-2595",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2595"
              },
              {
                "name": "1016405",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016405"
              },
              {
                "name": "18723",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18723"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
            },
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
            },
            {
              "name": "20876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20876"
            },
            {
              "name": "20878",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20878"
            },
            {
              "name": "1200",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1200"
            },
            {
              "name": "ADV-2006-2596",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2596"
            },
            {
              "name": "ADV-2006-2595",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2595"
            },
            {
              "name": "1016405",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016405"
            },
            {
              "name": "18723",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18723"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3425",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
                },
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
                },
                {
                  "name": "20876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20876"
                },
                {
                  "name": "20878",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20878"
                },
                {
                  "name": "1200",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1200"
                },
                {
                  "name": "ADV-2006-2596",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2596"
                },
                {
                  "name": "ADV-2006-2595",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2595"
                },
                {
                  "name": "1016405",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016405"
                },
                {
                  "name": "18723",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18723"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3425",
        "datePublished": "2006-07-07T00:00:00.000Z",
        "dateReserved": "2006-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:33.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3430 (GCVE-0-2006-3430)

    Vulnerability from cvelistv5 – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/438710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/20876 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/20878 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/18715 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/1200 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/2596 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2006/2595 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1016405 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:33.235Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
              },
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
              },
              {
                "name": "20876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20876"
              },
              {
                "name": "20878",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20878"
              },
              {
                "name": "18715",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18715"
              },
              {
                "name": "1200",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1200"
              },
              {
                "name": "patchlink-checkprofile-sql-injection(27545)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
              },
              {
                "name": "ADV-2006-2596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2596"
              },
              {
                "name": "ADV-2006-2595",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2595"
              },
              {
                "name": "1016405",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016405"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
            },
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
            },
            {
              "name": "20876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20876"
            },
            {
              "name": "20878",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20878"
            },
            {
              "name": "18715",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18715"
            },
            {
              "name": "1200",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1200"
            },
            {
              "name": "patchlink-checkprofile-sql-injection(27545)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
            },
            {
              "name": "ADV-2006-2596",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2596"
            },
            {
              "name": "ADV-2006-2595",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2595"
            },
            {
              "name": "1016405",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016405"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3430",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
                },
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
                },
                {
                  "name": "20876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20876"
                },
                {
                  "name": "20878",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20878"
                },
                {
                  "name": "18715",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18715"
                },
                {
                  "name": "1200",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1200"
                },
                {
                  "name": "patchlink-checkprofile-sql-injection(27545)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27545"
                },
                {
                  "name": "ADV-2006-2596",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2596"
                },
                {
                  "name": "ADV-2006-2595",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2595"
                },
                {
                  "name": "1016405",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016405"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3430",
        "datePublished": "2006-07-07T00:00:00.000Z",
        "dateReserved": "2006-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:33.235Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3426 (GCVE-0-2006-3426)

    Vulnerability from cvelistv5 – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/18732 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/438710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/20876 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/20878 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/1200 third-party-advisoryx_refsource_SREASON
    http://www.vupen.com/english/advisories/2006/2596 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2006/2595 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1016405 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:33.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
              },
              {
                "name": "18732",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18732"
              },
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
              },
              {
                "name": "20876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20876"
              },
              {
                "name": "20878",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20878"
              },
              {
                "name": "1200",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1200"
              },
              {
                "name": "ADV-2006-2596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2596"
              },
              {
                "name": "ADV-2006-2595",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2595"
              },
              {
                "name": "1016405",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016405"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
            },
            {
              "name": "18732",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18732"
            },
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
            },
            {
              "name": "20876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20876"
            },
            {
              "name": "20878",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20878"
            },
            {
              "name": "1200",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1200"
            },
            {
              "name": "ADV-2006-2596",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2596"
            },
            {
              "name": "ADV-2006-2595",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2595"
            },
            {
              "name": "1016405",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016405"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3426",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
                },
                {
                  "name": "18732",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18732"
                },
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
                },
                {
                  "name": "20876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20876"
                },
                {
                  "name": "20878",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20878"
                },
                {
                  "name": "1200",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1200"
                },
                {
                  "name": "ADV-2006-2596",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2596"
                },
                {
                  "name": "ADV-2006-2595",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2595"
                },
                {
                  "name": "1016405",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016405"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3426",
        "datePublished": "2006-07-07T00:00:00.000Z",
        "dateReserved": "2006-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:33.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3425 (GCVE-0-2006-3425)

    Vulnerability from cvelistv5 – Published: 2006-07-07 00:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/archive/1/438710/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/20876 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/20878 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/1200 third-party-advisoryx_refsource_SREASON
    http://www.vupen.com/english/advisories/2006/2596 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2006/2595 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1016405 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/18723 vdb-entryx_refsource_BID
    Date Public
    2006-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:33.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
              },
              {
                "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
              },
              {
                "name": "20876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20876"
              },
              {
                "name": "20878",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20878"
              },
              {
                "name": "1200",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1200"
              },
              {
                "name": "ADV-2006-2596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2596"
              },
              {
                "name": "ADV-2006-2595",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2595"
              },
              {
                "name": "1016405",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016405"
              },
              {
                "name": "18723",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18723"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
            },
            {
              "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
            },
            {
              "name": "20876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20876"
            },
            {
              "name": "20878",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20878"
            },
            {
              "name": "1200",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1200"
            },
            {
              "name": "ADV-2006-2596",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2596"
            },
            {
              "name": "ADV-2006-2595",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2595"
            },
            {
              "name": "1016405",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016405"
            },
            {
              "name": "18723",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18723"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3425",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"
                },
                {
                  "name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"
                },
                {
                  "name": "20876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20876"
                },
                {
                  "name": "20878",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20878"
                },
                {
                  "name": "1200",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1200"
                },
                {
                  "name": "ADV-2006-2596",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2596"
                },
                {
                  "name": "ADV-2006-2595",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2595"
                },
                {
                  "name": "1016405",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016405"
                },
                {
                  "name": "18723",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18723"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3425",
        "datePublished": "2006-07-07T00:00:00.000Z",
        "dateReserved": "2006-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:33.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }