CVE-2006-3426

3 documents3 sources

Severity

5.0MEDIUM

EPSS

2.0%

top 16.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Zenworks Lumension Patchlink Update Server

Timeline

PublishedJul 7

Latest updateMay 1

Description

Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDlumension/patchlink_update_server6.1, 6.2.0.181, 6.2.0.189+2

▶NVDnovell/zenworks6.2

🔴Vulnerability Details

GHSA

GHSA-2cf6-3qv9-xvhv: Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6↗2022-05-01

▶

CVEList

CVE-2006-3426: Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6↗2006-07-07

▶