Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-07-07T00:00:00
Updated: 2018-10-18T14:57:01
Reserved: 2006-07-06T00:00:00
Link: CVE-2006-3426
JSON object: View
NVD Information
Status : Modified
Published: 2006-07-07T00:05:00.000
Modified: 2018-10-18T16:47:27.737
Link: CVE-2006-3426
JSON object: View
Redhat Information
No data.
CWE