Vulnerabilities > Sambar > Sambar Server > 5.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-05 | CVE-2005-3506 | Cross-Site Scripting vulnerability in Sambar Server Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field. network sambar | 4.3 |
2003-12-31 | CVE-2003-1287 | Denial-Of-Service vulnerability in Server Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device. | 4.6 |
2003-12-31 | CVE-2003-1286 | Open Proxy Authentication Bypass vulnerability in Sambar HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests. | 7.5 |
2003-12-31 | CVE-2003-1285 | Unspecified vulnerability in Sambar Server Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl). network sambar | 4.3 |
2003-12-31 | CVE-2003-1284 | Information Disclosure vulnerability in Sambar Server Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe. | 5.0 |