Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [CIRT.DK] - Novell ZENworks Patch Management Server 6.

from [CIRT.DK Advisory] Network Security [Permanent Link]
Subject: [Full-disclosure] [CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection
Date: Thu, 27 Oct 2005 16:24:05 +0200 
The Novell ZENworks Patch Management Server 6.0.0.52 is vulnerable to 
SQL injection in the management console.

To being able to exploit this issue the administrator have to 
manually created a none-privileged account as minimum, to allow
exploitation.

Fix:    
Upgrade to ZENworks Patch Management version 6.2.2.181
(or newer hot fix via your PLUS server) found at http://download.novell.com.

Note:   
The 6.0.0.52 CD ISO image was on the Novell download site up until the 2nd
week of September, 2005. 
The ZENworks Patch Management CD ISO image that is currently available at
the download site at the 
time of this document being published
http://download.novell.com/Download?buildid=5_kRStyf9wU~ 

ISO Name:       ZEN_PatchMgmt_Upd6.2.iso Size: 323.8 MB
(339607552) MD5: aeb244ecdf29c83cb8388fae1a6a1919 


A technical description of the vulnerability can be read at: 
http://www.cirt.dk



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection, CIRT.DK Advisory <=
Previous by Date:  [VulnWatch] fetchmail security announcement 2005-02 (CVE-2005-3088), ma+nomail
Next by Date:  Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Nicob
Previous by Thread:  [VulnWatch] fetchmail security announcement 2005-02 (CVE-2005-3088), ma+nomail
Next by Thread:  fetchmail security announcement 2005-02 (CVE-2005-3088), ma+nomail
Indexes:  [Date] [Thread] [Top] [All Lists]