SQL Injection Vulnerability in PatchLink Update Server and Novell ZENworks
CVE-2006-3430

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks; Patchlink Update Server
Vendor: CVE Published:; 7 July 2006

What is CVE-2006-3430?

The vulnerability in the checkprofile.asp file of the PatchLink Update Server and Novell ZENworks allows remote attackers to exploit the agentid parameter, executing arbitrary SQL commands. This can lead to unauthorized data access and manipulation, potentially compromising sensitive information.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-J...

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/438710/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/20876

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2006
Vulnerability Reserved
Jul 6, 2006