Vulnerabilities > Sambar
|2006-12-18||CVE-2006-6624|| Remote Denial of Service vulnerability in Sambar Server 6.4 |
The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command.
| 4.0 |
|2005-11-05||CVE-2005-3506|| Cross-Site Scripting vulnerability in Sambar Server |
Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field.
| 4.3 |
|2004-12-31||CVE-2004-2565|| Multiple vulnerability in Sambar Server 6.1 |
Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.
| 5.0 |
|2004-12-31||CVE-2004-2564|| Multiple vulnerability in Sambar Server 6.1 |
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp.
| 4.3 |
|2004-02-06||CVE-2004-2086|| Buffer Overflow vulnerability in Sambar Server 6.0 |
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
| 5.0 |
|2003-12-31||CVE-2003-1287|| Denial-Of-Service vulnerability in Server |
Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.
| 4.6 |
|2003-12-31||CVE-2003-1286|| Open Proxy Authentication Bypass vulnerability in Sambar |
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
| 7.5 |
|2003-12-31||CVE-2003-1285|| Unspecified vulnerability in Sambar Server |
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).
| 4.3 |
|2003-12-31||CVE-2003-1284|| Information Disclosure vulnerability in Sambar Server |
Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe.
| 5.0 |
|2002-08-12||CVE-2002-0737|| Unspecified vulnerability in Sambar Server 5.1 |
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.
| 6.4 |