Sambar: >> Sambar Server >> 4.3 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-11-05
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
CVSS Score
7.5
EPSS Score
0.015
Published
2001-07-25
search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter.
CVSS Score
5.0
EPSS Score
0.036
Published
2000-11-14
Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname.
CVSS Score
10.0
EPSS Score
0.026
Published
2000-06-01
Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
CVSS Score
7.5
EPSS Score
0.011
Published
1999-10-04