Lumension : Security Vulnerabilities, CVEs, CVSS score >= 6
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
Max CVSS
7.5
EPSS Score
1.45%
Published
2006-07-07
Updated
2018-10-18
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
Max CVSS
7.5
EPSS Score
2.96%
Published
2006-07-07
Updated
2018-10-18
2 vulnerabilities found