30 matches found
EUVD-2006-3422
Malware in sbrugna...
EUVD-2006-3421
Malware in sbrugna...
EUVD-2006-3426
Malware in sbrugna...
EUVD-2008-0535
Malware in sbrugna...
Patchlink Detection
The remote host has a patch management software installed on it. Description : This script uses Windows credentials to detect whether the remote host is running Patchlink and extracts the version number if so. Patchlink is a fully Internet-based, automated, cross-platform, security patch manageme...
Code injection
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac LUM 6.2094 through 6.4102 and other products, allows local users to 1 truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and 2...
CVE-2008-0525
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac LUM 6.2094 through 6.4102 and other products, allows local users to 1 truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and 2...
CVE-2008-0525
CVE-2008-0525 affects PatchLink Update client for Unix (used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac LUM 6.2094–6.4102 and related products). The root cause is local symlink abuse in scripts that use temporary files: /tmp/patchlink.tmp (logtrimmer) can be truncated, an...
CVE-2008-0525
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac LUM 6.2094 through 6.4102 and other products, allows local users to 1 truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and 2...
PatchLink Update Unix client symbolic links vulnerability
Symbolic links vulnerability on temporayr files creation...
Two vulnerabilities for PatchLink Update Client for Unix.
PatchLink Update Unix Client File clobbering vulnerability Larry W. Cashdollar Vapid Labs 1/17/2008 Overview From the vendor: “PatchLink Update™ provides rapid, accurate and secure patch management, allowing you to proactively manage threats by automating the collection, analysis and delivery of...
patchlink-pwn.txt
PatchLink Update Unix Client File clobbering vulnerability Larry W. Cashdollar Vapid Labs 1/17/2008 Overview From the vendor: PatchLink Update provides rapid, accurate and secure patch management, allowing you to proactively manage threats by automating the collection, analysis and delivery of...
PatchLink Update /dagent/downloadreport.asp Multiple Parameter SQL Injection
The remote host is running PatchLink Update Server, a patch and vulnerability management solution. The version of PatchLink Update Server installed on the remote fails to sanitize user-supplied input to the 'agentid' and 'pass' parameters of the '/dagent/downloadreport.asp' script before using it...
PatchLink Update Server proxyreg.asp Arbitrary Proxy Manipulation
The remote host is running PatchLink Update Server, a patch and vulnerability management solution. The version of PatchLink Update Server installed on the remote fails to check for authentication credentials before providing access to the '/dagent/proxyreg.asp' script. An attacker can exploit thi...
PatchLink Update Server checkprofile.asp checkid Parameter SQL Injection
The remote host is running PatchLink Update Server, a patch and vulnerability management solution. The version of PatchLink Update Server installed on the remote host fails to sanitize user-supplied input to the 'agentid' parameter of the '/dagent/checkprofile.php' script before using it to...
PatchLink Update Server nwupload.asp Traversal Arbitrary File Write
The remote host is running PatchLink Update Server, a patch and vulnerability management solution. The version of PatchLink Update Server installed on the remote fails to sanitize input to the '/dagent/nwupload.asp' script of directory traversal sequences and does not require authentication befor...
CVE-2006-3426
Directory traversal vulnerability in a PatchLink Update Server PLUS before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and b Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. dot dot sequence in the 1 action, 2 agentid, or 3 index parameters ...
CVE-2006-3425
FastPatch for a PatchLink Update Server PLUS before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and b Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point PDP proxy servers via...
CVE-2006-3430
SQL injection vulnerability in checkprofile.asp in 1 PatchLink Update Server PLUS before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and 2 Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter...
CVE-2006-3430
CVE-2006-3430 affects PatchLink Update Server (PLUS) prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1, and Novell ZENworks 6.2 SR1 and earlier. The vulnerability is an SQL injection in checkprofile.asp via the agentid parameter (and related path /dagent/checkprofile.php) that allows an unauthenticat...