CVE-2004-2564

Sambar Server <6.1 Beta 2 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Oliver Karow · textremotewindows

https://www.exploit-db.com/exploits/24162

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Oliver Karow · textremotewindows

https://www.exploit-db.com/exploits/24161

View Code ZIP pw:eip

References (7)

Core 7

Core References

Exploit, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/11748

Exploit vdb-entry x_refsource_osvdb

http://www.osvdb.org/6584

Exploit vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1010353

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10444

Exploit x_refsource_misc

http://www.oliverkarow.de/research/sambar.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/16286

Exploit vdb-entry x_refsource_osvdb

http://www.osvdb.org/6583

Scores

EPSS 0.0120

EPSS Percentile 79.0%

Details

Status published

Products (1)

sambar/sambar_server 6.1 beta2

Published Dec 31, 2004

Tracked Since Feb 18, 2026