CVE-2006-3425 Information

Feb 14, 2021 cve

Description

FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier does not require authentication for dagent/proxyreg.asp which allows remote attackers to list add or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List (2) Proxy or (3) Delete parameters.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html http://secunia.com/advisories/20876 http://secunia.com/advisories/20878 http://securityreason.com/securityalert/1200 http://securitytracker.com/id?1016405 http://www.securityfocus.com/archive/1/438710/100/0/threaded http://www.securityfocus.com/bid/18723 http://www.vupen.com/english/advisories/2006/2595 http://www.vupen.com/english/advisories/2006/2596

Share on: