ID CVE-2005-3315
Summary Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.
References
Vulnerable Configurations
  • cpe:2.3:a:novell:zenworks_patch_management_server:6.0.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:novell:zenworks_patch_management_server:6.0.0.52:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 08-03-2011 - 02:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 15220
bugtraq 20051027 [CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection
cert-vn VU#536300
confirm http://support.novell.com/cgi-bin/search/searchtid.cgi?10099318.htm
misc http://cirt.dk/advisories/cirt-39-advisory.pdf
osvdb
  • 20362
  • 20363
sectrack 1015116
secunia 17358
sreason 124
vupen ADV-2005-2238
Last major update 08-03-2011 - 02:26
Published 30-10-2005 - 20:02
Last modified 08-03-2011 - 02:26
Back to Top