18 matches found
EUVD-2006-3422
Malware in sbrugna...
EUVD-2006-3421
Malware in sbrugna...
EUVD-2006-3426
Malware in sbrugna...
EUVD-2008-0535
Malware in sbrugna...
Code injection
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2)...
Two vulnerabilities for PatchLink Update Client for Unix.
PatchLink Update Unix Client File clobbering vulnerability Larry W. Cashdollar Vapid Labs 1/17/2008 Overview From the vendor: “PatchLink Update™ provides rapid, accurate and secure patch management, allowing you to proactively manage threats by automating the collection, analysis and delivery of...
patchlink-pwn.txt
PatchLink Update Unix Client File clobbering vulnerability Larry W. Cashdollar Vapid Labs 1/17/2008 Overview From the vendor: PatchLink Update provides rapid, accurate and secure patch management, allowing you to proactively manage threats by automating the collection, analysis and delivery of...
PatchLink Update /dagent/downloadreport.asp Multiple Parameter SQL Injection
The remote host is running PatchLink Update Server, a patch and vulnerability management solution. The version of PatchLink Update Server installed on the remote host fails to sanitize user-supplied input to the 'agentid' and 'pass' parameters of the '/dagent/downloadreport.asp' script before using it...
PatchLink Update Server nwupload.asp Traversal Arbitrary File Write
The remote host is running PatchLink Update Server, a patch and vulnerability management solution. The version of PatchLink Update Server installed on the remote host fails to sanitize input to the '/dagent/nwupload.asp' script of directory traversal sequences and does not require authentication befor...
CVE-2006-3426
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters ...
CVE-2006-3430
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter...
CVE-2006-3430
CVE-2006-3430 affects PatchLink Update Server (PLUS) prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1, and Novell ZENworks 6.2 SR1 and earlier. The vulnerability is an SQL injection in checkprofile.asp via the agentid parameter (and related path /dagent/checkprofile.php) that allows an unauthenticat...
CVE-2006-3430
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter...
CVE-2006-3426
CVE-2006-3426 affects PatchLink Update Server (PLUS) and related Novell ZENworks components. The vulnerability is a directory traversal in the /dagent/nwupload.asp endpoint, where the parameters (1) action, (2) agentid, or (3) index are used as pathname components. An unauthenticated attacker can...
CVE-2006-3425
CVE-2006-3425 is a remote-authentication bypass affecting PatchLink Update Server (PLUS) prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1, and Novell ZENworks 6.2 SR1 and earlier. The vulnerability allows an unauthenticated attacker to access dagent/proxyreg.asp and enumerate, add, or delete PatchLi...
PatchLink Update Server / Novell ZenWorks multiple security vulnerabilities
SQL injections, unauthorized access...
Multiple Vulnerabilities in PatchLink Update Server 6
PatchLink Update Server 6 SQL Injection. Severity: Critical. Date: June 28, 2006. Class: Remote. Status: Patch Available. Discovered by: Chris Steipp, Novacoast csteipp at...
Multiple PatchLink Update Server patch management solution vulnerabilities
No description provided...