Published: 30/10/2005 Updated: 08/03/2011

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Zenworks Patch Management Server

Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x prior to 6.2.2.181 allow remote malicious users to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
novell zenworks patch management server 6.0.0.52

source: wwwsecurityfocuscom/bid/15220/info ZENworks Patch Management is prone to multiple SQL injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries Successful exploitation could result in a compromise of the application, disclosure or modif ...

source: wwwsecurityfocuscom/bid/15220/info ZENworks Patch Management is prone to multiple SQL injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries Successful exploitation could result in a compromise of the application, disclosure or mod ...

NVD-CWE-Other http://cirt.dk/advisories/cirt-39-advisory.pdf http://support.novell.com/cgi-bin/search/searchtid.cgi?10099318.htm http://www.kb.cert.org/vuls/id/536300 http://secunia.com/advisories/17358 http://www.osvdb.org/20362 http://www.osvdb.org/20363 http://securitytracker.com/id?1015116 http://www.securityfocus.com/archive/1/414880 http://www.securityfocus.com/bid/15220 http://securityreason.com/securityalert/124 http://www.vupen.com/english/advisories/2005/2238 https://nvd.nist.gov https://www.exploit-db.com/exploits/26429/

CVE-2005-3315

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect