CVE-2006-3430

CVE-2006-3430 affects PatchLink Update Server (PLUS) prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1, and Novell ZENworks 6.2 SR1 and earlier. The vulnerability is an SQL injection in checkprofile.asp via the agentid parameter (and related path /dagent/checkprofile.php) that allows an unauthenticat...

CVE-2006-3425

CVE-2006-3425 is a remote-authentication bypass affecting PatchLink Update Server (PLUS) prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1, and Novell ZENworks 6.2 SR1 and earlier. The vulnerability allows an unauthenticated attacker to access dagent/proxyreg.asp and enumerate, add, or delete PatchLi...

CVE-2006-3426

CVE-2006-3426 affects PatchLink Update Server (PLUS) and related Novell ZENworks components. The vulnerability is a directory traversal in the /dagent/nwupload.asp endpoint, where the parameters (1) action, (2) agentid, or (3) index are used as pathname components. An unauthenticated attacker can...