CVE-2005-3315 - Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allo

CVE-2005-3315

Summary

Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.

References

Vulnerable Configurations

cpe:2.3:a:novell:zenworks_patch_management_server:6.0.0.52:*:*:*:*:*:*:*
cpe:2.3:a:novell:zenworks_patch_management_server:6.0.0.52:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 08-03-2011 - 02:26)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	15220
bugtraq	20051027 [CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection
cert-vn	VU#536300
confirm	http://support.novell.com/cgi-bin/search/searchtid.cgi?10099318.htm
misc	http://cirt.dk/advisories/cirt-39-advisory.pdf
osvdb	20362 20363
sectrack	1015116
secunia	17358
sreason	124
vupen	ADV-2005-2238

Last major update

08-03-2011 - 02:26

Published

30-10-2005 - 20:02

Last modified

08-03-2011 - 02:26