Vulnerabilities > Lumension > Patchlink Update Server > 6.2.0.189

DATE CVE VULNERABILITY TITLE RISK
2006-07-07 CVE-2006-3430 SQL Injection vulnerability in multiple products
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
network
low complexity
lumension novell CWE-89
7.5
7.5
2006-07-07 CVE-2006-3426 Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a ..
network
low complexity
lumension novell
5.0
5.0
2006-07-07 CVE-2006-3425 Authentication Bypass vulnerability in PatchLink Update Server Proxyreg.ASP
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
network
low complexity
lumension novell
7.5
7.5