Vulners
Lucene search
Sambar Server 4.4/5.0 pagecount File Overwrite Vulnerability
source: http://www.securityfocus.com/bid/3091/info
Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems.
Sambar WWW Server is bundled with a sample script('pagecount') which creates temporary files on the host. However, it is possible for a remote attacker to craft a web request which will cause pagecount to overwrite existing files. Files attacked in this manner will be corrupted.
Loss of critical data and a denial of services may occur if system files are overwritten.
http://sambarserver/session/pagecount?page=index will create a file in Sambar temp directory with name 'index'
http://sambarserver/session/pagecount?page=../../../../../../autoexec.bat then the script will rewrite the first symbols of c:\autoexec.bat with it's number.
So we are able to add some text to any file on the disk.
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1