Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2001-1010 | 5.0 |
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.
|
10-10-2017 - 01:29 | 22-07-2001 - 04:00 | |
CVE-2004-2086 | 5.0 |
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
|
11-07-2017 - 01:31 | 06-02-2004 - 05:00 | |
CVE-2003-1286 | 7.5 |
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection:
|
11-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2003-1284 | 5.0 |
Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe.
|
11-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2003-1287 | 4.6 |
Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.
|
11-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2003-1285 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query paramet
|
11-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
CVE-2002-0737 | 6.4 |
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.
|
05-09-2008 - 20:28 | 12-08-2002 - 04:00 | |
CVE-2002-0128 | 7.5 |
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
|
05-09-2008 - 20:27 | 25-03-2002 - 05:00 |