Back to search
CVE-2004-2565
Published: Nov 22, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
11748
third-party-advisory
x_refsource_SECUNIA
1010353
vdb-entry
x_refsource_SECTRACK
10444
vdb-entry
x_refsource_BID
http://www.oliverkarow.de/research/sambar.txt
x_refsource_MISC
sambar-multiple-directory-traversal(16287)
vdb-entry
x_refsource_XF
6585
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now