CVE-2006-3430 Information

Description

SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to execute arbitrary SQL commands via the agentid parameter.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html http://secunia.com/advisories/20876 http://secunia.com/advisories/20878 http://securityreason.com/securityalert/1200 http://securitytracker.com/id?1016405 http://www.securityfocus.com/archive/1/438710/100/0/threaded http://www.securityfocus.com/bid/18715 http://www.vupen.com/english/advisories/2006/2595 http://www.vupen.com/english/advisories/2006/2596 https://exchange.xforce.ibmcloud.com/vulnerabilities/27545