5
CVE-2006-3426
- EPSS 2.63%
- Veröffentlicht 07.07.2006 00:05:00
- Zuletzt bearbeitet 16.06.2026 22:27:02
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lumension ≫ Patchlink Update Server Version6.1
Lumension ≫ Patchlink Update Server Version6.2.0.181
Lumension ≫ Patchlink Update Server Version6.2.0.189
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.63% | 0.835 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html
http://secunia.com/advisories/20876
http://secunia.com/advisories/20878
http://securityreason.com/securityalert/1200
http://securitytracker.com/id?1016405
http://www.securityfocus.com/archive/1/438710/100/0/threaded
http://www.vupen.com/english/advisories/2006/2595
http://www.vupen.com/english/advisories/2006/2596
http://www.securityfocus.com/bid/18732