VYPR
Unrated severityNVD Advisory· Published Jul 7, 2006· Updated Jun 16, 2026

CVE-2006-3426

CVE-2006-3426

Description

Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:lumension:patchlink_update_server:6.1:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:lumension:patchlink_update_server:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:lumension:patchlink_update_server:6.2.0.181:*:*:*:*:*:*:*
    • cpe:2.3:a:lumension:patchlink_update_server:6.2.0.189:*:*:*:*:*:*:*
  • Novell/Zenworks2 versions
    cpe:2.3:a:novell:zenworks:*:sr1:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:novell:zenworks:*:sr1:*:*:*:*:*:*range: <=6.2
    • (no CPE)range: <=6.2 SR1
  • Range: 6.1 before P1, 6.2.x before SR1 P1

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.