5

CVE-2006-3426

Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LumensionPatchlink Update Server Version6.2.0.181
LumensionPatchlink Update Server Version6.2.0.189
NovellZenworks Updatesr1 Version <= 6.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.63% 0.835
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html
http://secunia.com/advisories/20876
Vendor Advisory
http://secunia.com/advisories/20878
Vendor Advisory
http://securityreason.com/securityalert/1200
http://securitytracker.com/id?1016405
http://www.securityfocus.com/archive/1/438710/100/0/threaded
http://www.vupen.com/english/advisories/2006/2595
http://www.vupen.com/english/advisories/2006/2596
http://www.securityfocus.com/bid/18732