Sambar: Security Vulnerabilities, CVEs, CVSS score >= 6
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
Max CVSS: 7.5 | EPSS Score: 7.02% | Published: 2003-12-31 | Updated: 2017-07-11
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.
Max CVSS: 6.4 | EPSS Score: 5.00% | Published: 2002-08-12 | Updated: 2008-09-05
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
Max CVSS: 7.5 | EPSS Score: 9.39% | Published: 2002-03-25 | Updated: 2008-09-05
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
Max CVSS: 7.5 | EPSS Score: 0.97% | Published: 2001-08-13 | Updated: 2008-09-05
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
Max CVSS: 7.5 | EPSS Score: 0.38% | Published: 2001-07-25 | Updated: 2017-10-10
Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname.
Max CVSS: 10.0 | EPSS Score: 0.22% | Published: 2000-06-01 | Updated: 2016-10-18
Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
Max CVSS: 7.5 | EPSS Score: 0.35% | Published: 1999-10-04 | Updated: 2017-12-19
7 vulnerabilities found