vendor:
Sambar Server
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal and Cross-Site Scripting
79
CWE
Product Name: Sambar Server
Affected Version From: Sambar 6.1 Beta 2
Affected Version To: Other versions likely affected
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Sambar Server Multiple Vulnerabilities
Sambar Server is reportedly prone to multiple vulnerabilities. These issues may allow an attacker to access sensitive files and carry out directory traversal and cross-site scripting attacks. These issues require an attacker to have administrative privileges, however, it is reported that an administrative password is not set on the server by default. An administrator who is not intended to have certain privileges may also exploit these vulnerabilities. An example of a cross-site scripting attack is http://www.example.com/sysadmin/system/showperf.asp?area=search&title=<script>alert(document.cookie)</script>
Mitigation:
Ensure that administrative passwords are set on the server and that only intended administrators have access to the server.