Sambar

Sambar Server

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2006-6624

Exploit
  • EPSS 8.41%
  • Veröffentlicht 18.12.2006 11:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command.

4.3

CVE-2005-3506

  • EPSS 0.4%
  • Veröffentlicht 05.11.2005 11:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field.

5

CVE-2004-2565

Exploit
  • EPSS 7.65%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read a...

4.3

CVE-2004-2564

Exploit
  • EPSS 1.2%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title p...

5

CVE-2004-2086

Exploit
  • EPSS 68.84%
  • Veröffentlicht 06.02.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.

4.6

CVE-2003-1287

  • EPSS 0.14%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.

7.5

CVE-2003-1286

Exploit
  • EPSS 11.1%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection:...

4.3

CVE-2003-1285

Exploit
  • EPSS 1.39%
  • Veröffentlicht 31.12.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query paramet...

6.4

CVE-2002-0737

Exploit
  • EPSS 10.64%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.

7.5

CVE-2002-0128

Exploit
  • EPSS 8.65%
  • Veröffentlicht 25.03.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.