Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and previous versions allows remote malicious users to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lumension patchlink update server 6.2.0.181 |
||
lumension patchlink update server 6.2.0.189 |
||
novell zenworks |
||
lumension patchlink update server 6.1 |