HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
Max CVSS: 7.5
EPSS Score: 7.02%
Published: 2003-12-31
Updated: 2017-07-11
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.
Max CVSS: 6.4
EPSS Score: 5.00%
Published: 2002-08-12
Updated: 2008-09-05
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
Max CVSS: 7.5
EPSS Score: 9.39%
Published: 2002-03-25
Updated: 2008-09-05
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
Max CVSS: 7.5
EPSS Score: 0.97%
Published: 2001-08-13
Updated: 2008-09-05
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
Max CVSS: 7.5
EPSS Score: 0.38%
Published: 2001-07-25
Updated: 2017-10-10
Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname.
Max CVSS: 10.0
EPSS Score: 0.22%
Published: 2000-06-01
Updated: 2016-10-18
Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
Max CVSS: 7.5
EPSS Score: 0.35%
Published: 1999-10-04
Updated: 2017-12-19
7 vulnerabilities found