IDCVSSSummaryLast (major) updatePublished
CVE-2000-0509 10.0
Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname.
17-10-2016 - 22:07 01-06-2000 - 00:00
CVE-1999-1523 7.5
Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
17-10-2016 - 22:05 04-10-1999 - 00:00
CVE-2006-6624 4.0
The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command.
07-03-2011 - 21:46 18-12-2006 - 06:28
CVE-2005-3506 4.3
Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field.
07-03-2011 - 21:26 05-11-2005 - 06:02
CVE-2000-0835 5.0
search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter.
16-01-2010 - 00:00 14-11-2000 - 00:00
CVE-2000-0213 5.0
The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters.
10-09-2008 - 15:03 23-02-2000 - 00:00
CVE-2004-2565 5.0
Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read a
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-2564 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title p
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-2086 5.0
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
05-09-2008 - 16:43 06-02-2004 - 00:00
CVE-2003-1287 4.6
Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-1286 7.5
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection:
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-1285 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query paramet
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-1284 5.0
Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2002-0737 6.4
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.
05-09-2008 - 16:28 12-08-2002 - 00:00
CVE-2002-0128 7.5
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
05-09-2008 - 16:27 25-03-2002 - 00:00
CVE-2001-1292 7.5
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
05-09-2008 - 16:26 13-08-2001 - 00:00
CVE-2001-1106 7.5
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the
05-09-2008 - 16:25 25-07-2001 - 00:00
CVE-2001-1010 5.0
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.
05-09-2008 - 16:25 22-07-2001 - 00:00
CVE-1999-1178 5.0
Sambar Server 4.1 beta allows remote attackers to obtain sensitive information about the server via an HTTP request for the dumpenv.pl script.
05-09-2008 - 16:18 10-06-1998 - 00:00
Back to Top Mark selected
Back to Top