CVE-2004-2565 in Sambar Serverinfo

Summary

Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

11/22/2005

Disclosure

12/31/2004

Moderation

VulDB entry created

Entries

VDB-23444 (1)

CPE

ready

CWE

CWE-22 (Confirmed)

Exploit

Download

CVSS

5.3

EPSS

0.07652

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-2565
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2565
CVE Details	https://www.cvedetails.com/cve/CVE-2004-2565/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!