CVE-2006-3430: SQL Injection
First published: Fri Jul 07 2006(Updated: )
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Novell ZENworks | <=6.2 | |
| Lumension Patchlink Update Server | =6.2.0.181 | |
| Lumension Patchlink Update Server | =6.1 | |
| Lumension Patchlink Update Server | =6.2.0.189 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1016405
- http://secunia.com/advisories/20876
- http://secunia.com/advisories/20878
- http://www.securityfocus.com/bid/18715
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html
- http://securityreason.com/securityalert/1200
- http://www.vupen.com/english/advisories/2006/2595
- http://www.vupen.com/english/advisories/2006/2596
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27545
- http://www.securityfocus.com/archive/1/438710/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/novell
- canonical/novell zenworks
- version/novell zenworks/6.2
- vendor/lumension
- canonical/lumension patchlink update server
- version/lumension patchlink update server/6.2.0.181
- version/lumension patchlink update server/6.1
- version/lumension patchlink update server/6.2.0.189