Unrated severityNVD Advisory· Published Jul 7, 2006· Updated Jun 16, 2026
CVE-2006-3426
CVE-2006-3426
Description
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:lumension:patchlink_update_server:6.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:lumension:patchlink_update_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:lumension:patchlink_update_server:6.2.0.181:*:*:*:*:*:*:*
- cpe:2.3:a:lumension:patchlink_update_server:6.2.0.189:*:*:*:*:*:*:*
- Range: 6.1 before P1, 6.2.x before SR1 P1
Patches
Vulnerability mechanics
References
9- secunia.com/advisories/20876nvdVendor Advisory
- secunia.com/advisories/20878nvdVendor Advisory
- lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.htmlnvd
- securityreason.com/securityalert/1200nvd
- securitytracker.com/idnvd
- www.securityfocus.com/archive/1/438710/100/0/threadednvd
- www.securityfocus.com/bid/18732nvd
- www.vupen.com/english/advisories/2006/2595nvd
- www.vupen.com/english/advisories/2006/2596nvd
News mentions
0No linked articles in our index yet.