CVE-2006-3426

Directory traversal vulnerability in a PatchLink Update Server PLUS before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and b Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. dot dot sequence in the 1 action, 2 agentid, or 3 index parameters ...

CVE-2006-3430

CVE-2006-3430 affects PatchLink Update Server (PLUS) prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1, and Novell ZENworks 6.2 SR1 and earlier. The vulnerability is an SQL injection in checkprofile.asp via the agentid parameter (and related path /dagent/checkprofile.php) that allows an unauthenticat...

CVE-2006-3425

CVE-2006-3425 is a remote-authentication bypass affecting PatchLink Update Server (PLUS) prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1, and Novell ZENworks 6.2 SR1 and earlier. The vulnerability allows an unauthenticated attacker to access dagent/proxyreg.asp and enumerate, add, or delete PatchLi...

CVE-2006-3426

CVE-2006-3426 affects PatchLink Update Server (PLUS) and related Novell ZENworks components. The vulnerability is a directory traversal in the /dagent/nwupload.asp endpoint, where the parameters (1) action, (2) agentid, or (3) index are used as pathname components. An unauthenticated attacker can...

CVE-2006-3430

SQL injection vulnerability in checkprofile.asp in 1 PatchLink Update Server PLUS before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and 2 Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter...

PatchLink Update Server / Novell ZenWorks multiple security vulnerabilities

SQL injections, unauthorized access...

Multiple Vulnerabilities in PatchLink Update Server 6

------------------------------------------------------------- PatchLink Update Server 6 SQL Injection ------------------------------------------------------------- Severity: Critical Date: June 28, 2006 Class: Remote Status: Patch Available Discovered by: Chris Steipp, Novacoast csteipp at...

Bugs/Security issues with PatchLink's Update Server

Security Focus, I have been reporting issues to PatchLink Support for two years now with little & no resolution on most of the things I find. Because they are such a large patch management platform I think it is important that they be responsible for their coding practices. But even trying to wor...

Multiple PatchLink Update Server patch management solution vulnerabilities

No description provided...

Roxen security alert: Problems with URLs containing null characters.

Roxen 2.0 up to version 2.0.68 has a vulnerability where using URLs containing null characters can gain the browser access to information he is not authorized to: Directory listings in directories with index files In normal filesystems: the sourcecode for RXML files, Pike scripts, CGIs etc...