Vulnerabilities > CVE-2005-3315 - SQL Injection vulnerability in Novell Zenworks Patch Management Server 6.0.0.52
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Novell ZENworks Patch Management 6.0 .52 computers/default.asp Direction Parameter SQL Injection. CVE-2005-3315. Webapps exploit for asp platform |
| id | EDB-ID:26429 |
| last seen | 2016-02-03 |
| modified | 2005-10-27 |
| published | 2005-10-27 |
| reporter | Dennis Rand |
| source | https://www.exploit-db.com/download/26429/ |
| title | Novell ZENworks Patch Management 6.0.52 - computers/default.asp Direction Parameter SQL Injection |
References
- http://cirt.dk/advisories/cirt-39-advisory.pdf
- http://secunia.com/advisories/17358
- http://securityreason.com/securityalert/124
- http://securitytracker.com/id?1015116
- http://support.novell.com/cgi-bin/search/searchtid.cgi?10099318.htm
- http://www.kb.cert.org/vuls/id/536300
- http://www.osvdb.org/20362
- http://www.osvdb.org/20363
- http://www.securityfocus.com/archive/1/414880
- http://www.securityfocus.com/bid/15220
- http://www.vupen.com/english/advisories/2005/2238