CVE-2006-3426

high

Description

Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.

References

http://www.vupen.com/english/advisories/2006/2596

http://www.vupen.com/english/advisories/2006/2595

http://www.securityfocus.com/bid/18732

http://www.securityfocus.com/archive/1/438710/100/0/threaded

http://securitytracker.com/id?1016405

http://securityreason.com/securityalert/1200

http://secunia.com/advisories/20878

http://secunia.com/advisories/20876

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html

Details

Source: Mitre, NVD

Published: 2006-07-07

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High