Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html - | |
References | () http://secunia.com/advisories/20876 - Vendor Advisory | |
References | () http://secunia.com/advisories/20878 - Vendor Advisory | |
References | () http://securityreason.com/securityalert/1200 - | |
References | () http://securitytracker.com/id?1016405 - | |
References | () http://www.securityfocus.com/archive/1/438710/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/18732 - | |
References | () http://www.vupen.com/english/advisories/2006/2595 - | |
References | () http://www.vupen.com/english/advisories/2006/2596 - |
Information
Published : 2006-07-07 00:05
Updated : 2024-11-21 00:13
NVD link : CVE-2006-3426
Mitre link : CVE-2006-3426
CVE.ORG link : CVE-2006-3426
JSON object : View
Products Affected
novell
- zenworks
lumension
- patchlink_update_server
CWE