Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-3430
Last Modified 08 Aug 2011 12:00:00
Published 06 Jul 2006 08:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3430

Summary

SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to execute arbitrary SQL commands via the agentid parameter.

Vulnerable Systems

Application

  • Lumension PatchLink Update Server 6.1

  • Lumension PatchLink Update Server 6.2.0.181

  • Lumension PatchLink Update Server 6.2.0.189

  • Novell ZENworks 6.2


References

XF - patchlink-checkprofile-sql-injection(27545)

VUPEN - ADV-2006-2596

VUPEN - ADV-2006-2595

BID - 18715

BUGTRAQ - 20060629 Multiple Vulnerabilities in PatchLink Update Server 6

SECTRACK - 1016405

SREASON - 1200

SECUNIA - 20878

SECUNIA - 20876


Last Updated: 27 May 2016 10:43:00