Vulnerabilities > CVE-2004-2565 - Unspecified vulnerability in Sambar Server 6.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
sambar
exploit available
NVD
Published: 2004-12-31
Updated: 2024-11-20

Summary

Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.

Vulnerable Configurations

Part Description Count
Application
Sambar
1

Exploit-Db

descriptionSambar Server 6.1 beta 2 showini.asp Arbitrary File Access. CVE-2004-2565. Remote exploit for windows platform
idEDB-ID:24163
last seen2016-02-02
modified2004-06-01
published2004-06-01
reporterOliver Karow
sourcehttps://www.exploit-db.com/download/24163/
titleSambar Server 6.1 beta 2 showini.asp Arbitrary File Access

References