Описание
Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sambar:sambar_server:5.0:*:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.0:beta6:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:*:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:beta1:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:beta2:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:beta3:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:beta4:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.1:beta5:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.2:*:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:5.3:*:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:sambar:sambar_server:6.0:beta2:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00139
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.
EPSS
Процентиль: 34%
0.00139
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other