This page lists publicly disclosed CVE vulnerabilities affecting sambar sambar_server (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2006-6624 | The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command. | [email protected] | 4.0 | 8.41% | 2006-12-18 | 2026-04-23 |
| CVE-2005-3506 | Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field. | [email protected] | 4.3 | 0.42% | 2005-11-05 | 2026-04-16 |
| CVE-2004-2565 | Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp. | [email protected] | 5.0 | 7.65% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2564 | Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp. | [email protected] | 4.3 | 1.20% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2086 | Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter. | [email protected] | 5.0 | 68.84% | 2004-02-06 | 2026-04-16 |
| CVE-2003-1287 | Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device. | [email protected] | 4.6 | 0.12% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1286 | HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests. | [email protected] | 7.5 | 14.09% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1285 | Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl). | [email protected] | 4.3 | 1.39% | 2003-12-31 | 2026-04-16 |
| CVE-2002-0737 | Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character. | [email protected] | 6.4 | 10.63% | 2002-08-12 | 2026-04-16 |
| CVE-2002-0128 | cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument. | [email protected] | 7.5 | 8.65% | 2002-03-25 | 2026-04-16 |
| CVE-2001-1292 | Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password. | [email protected] | 7.5 | 2.75% | 2001-08-13 | 2026-04-16 |
| CVE-2001-1106 | The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure. | [email protected] | 7.5 | 3.07% | 2001-07-25 | 2026-04-16 |
| CVE-2001-1010 | Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter. | [email protected] | 5.0 | 5.05% | 2001-07-22 | 2026-04-16 |
| CVE-2000-0835 | search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter. | [email protected] | 5.0 | 3.63% | 2000-11-14 | 2026-04-16 |
| CVE-2000-0509 | Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname. | [email protected] | 10.0 | 1.83% | 2000-06-01 | 2026-04-16 |
| CVE-2000-0213 | The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters. | [email protected] | 5.0 | 7.35% | 2000-02-23 | 2026-04-16 |
| CVE-1999-1523 | Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request. | [email protected] | 7.5 | 1.33% | 1999-10-04 | 2026-04-16 |
| CVE-1999-1178 | Sambar Server 4.1 beta allows remote attackers to obtain sensitive information about the server via an HTTP request for the dumpenv.pl script. | [email protected] | 5.0 | 0.76% | 1998-06-10 | 2026-04-16 |