Unrated severityNVD Advisory· Published Jul 7, 2006· Updated Apr 16, 2026

CVE-2006-3426

Description

Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.

Affected products

Lumension/Patchlink Update Server3 versions
cpe:2.3:a:lumension:patchlink_update_server:6.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:lumension:patchlink_update_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:lumension:patchlink_update_server:6.2.0.181:*:*:*:*:*:*:*
- cpe:2.3:a:lumension:patchlink_update_server:6.2.0.189:*:*:*:*:*:*:*
Novell/Zenworks
cpe:2.3:a:novell:zenworks:*:sr1:*:*:*:*:*:*
Range: <=6.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20876nvdVendor Advisory
secunia.com/advisories/20878nvdVendor Advisory
lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.htmlnvd
securityreason.com/securityalert/1200nvd
securitytracker.com/idnvd
www.securityfocus.com/archive/1/438710/100/0/threadednvd
www.securityfocus.com/bid/18732nvd
www.vupen.com/english/advisories/2006/2595nvd
www.vupen.com/english/advisories/2006/2596nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000