Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sambar_server | Sambar | 5.0 | 5.0 |
Sambar_server | Sambar | 5.0 | 5.0 |
Sambar_server | Sambar | 5.0 | 5.0 |
Sambar_server | Sambar | 5.0 | 5.0 |
Sambar_server | Sambar | 5.0 | 5.0 |
Sambar_server | Sambar | 5.0 | 5.0 |
Sambar_server | Sambar | 5.0 | 5.0 |
Sambar_server | Sambar | 5.1 | 5.1 |
Sambar_server | Sambar | 5.1 | 5.1 |
Sambar_server | Sambar | 5.1 | 5.1 |
Sambar_server | Sambar | 5.1 | 5.1 |
Sambar_server | Sambar | 5.1 | 5.1 |
Sambar_server | Sambar | 5.1 | 5.1 |
Sambar_server | Sambar | 5.2 | 5.2 |
Sambar_server | Sambar | 5.3 | 5.3 |
Sambar_server | Sambar | 6.0 | 6.0 |
Sambar_server | Sambar | 6.0 | 6.0 |