CVE-2004-2565 | Vulnerability Database | Aqua Security

Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a .. (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.

Affected Software

Name	Vendor	Start Version	End Version
Sambar_server	Sambar	6.1-beta2 (including)	6.1-beta2 (including)

References

http://secunia.com/advisories/11748
http://securitytracker.com/id?1010353
http://www.oliverkarow.de/research/sambar.txt
http://www.osvdb.org/6585
http://www.securityfocus.com/bid/10444
https://exchange.xforce.ibmcloud.com/vulnerabilities/16287
http://secunia.com/advisories/11748
http://securitytracker.com/id?1010353
http://www.oliverkarow.de/research/sambar.txt
http://www.osvdb.org/6585
http://www.securityfocus.com/bid/10444
https://exchange.xforce.ibmcloud.com/vulnerabilities/16287

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2565
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html