Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.
References
| Link | Resource |
|---|---|
| http://secunia.com/advisories/11748 | Exploit Vendor Advisory |
| http://securitytracker.com/id?1010353 | Exploit |
| http://www.oliverkarow.de/research/sambar.txt | Exploit |
| http://www.osvdb.org/6585 | Exploit |
| http://www.securityfocus.com/bid/10444 | Exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16287 | |
| http://secunia.com/advisories/11748 | Exploit Vendor Advisory |
| http://securitytracker.com/id?1010353 | Exploit |
| http://www.oliverkarow.de/research/sambar.txt | Exploit |
| http://www.osvdb.org/6585 | Exploit |
| http://www.securityfocus.com/bid/10444 | Exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16287 |
Configurations
History
20 Nov 2024, 23:53
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://secunia.com/advisories/11748 - Exploit, Vendor Advisory | |
| References | () http://securitytracker.com/id?1010353 - Exploit | |
| References | () http://www.oliverkarow.de/research/sambar.txt - Exploit | |
| References | () http://www.osvdb.org/6585 - Exploit | |
| References | () http://www.securityfocus.com/bid/10444 - Exploit | |
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/16287 - |
Information
Published : 2004-12-31 05:00
Updated : 2024-11-20 23:53
NVD link : CVE-2004-2565
Mitre link : CVE-2004-2565
CVE.ORG link : CVE-2004-2565
JSON object : View
Products Affected
sambar
- sambar_server
CWE