CVE-2006-3430

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks; Patchlink Update Server
Vendor: CVE Published:; 7 July 2006

Summary

SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-J...

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/438710/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/20876

third-party-advisoryx_refsource_SECUNIA

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 7, 2006
Vulnerability Reserved
Jul 6, 2006

Collectors

NVD DatabaseMitre Database