Sambar Server does not properly validate URL requests to iecreate.stm and ieedit.stm. By appending directory traversal sequences such as '../' to requests for these applications, it is possible for a remote user to reveal the contents of directories on the webserver.
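A defender can look for this pattern in web server access logs. The following is an added example, not part of the original advisory: it flags requests to the two named scripts whose URI contains a traversal sequence, including percent-encoded and backslash forms. The log format (Common Log Format), the `/example/` path, the parameter name `p` and all sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Scripts named in the advisory (matched case-insensitively as a path segment).
TARGET_RE = re.compile(r'/(?:iecreate|ieedit)\.stm(?=[/?]|$)')
# A '..' segment in the path or in a query value.
TRAVERSAL_RE = re.compile(r'(?:^|[/=&?])\.\.(?:/|&|$)')
# Request line inside a Common Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def is_suspicious(uri):
    """True when a request to a target script carries a traversal sequence."""
    decoded = fully_decode(uri).replace("\\", "/").lower()
    return bool(TARGET_RE.search(decoded) and TRAVERSAL_RE.search(decoded))

def scan(log_lines):
    """Return (client, raw_uri) for every log line that matches."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and is_suspicious(match.group(1)):
            hits.append((line.split()[0], match.group(1)))
    return hits

# Constructed sample log lines (documentation IP range, hypothetical path and parameter).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:00:00:00 +0000] "GET /example/iecreate.stm?p=../../ HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2002:00:00:01 +0000] "GET /example/ieedit.stm?p=%2e%2e%5c%2e%2e%5c HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Jan/2002:00:00:02 +0000] "GET /example/IEEDIT.STM?p=%252e%252e%252f HTTP/1.0" 200 512',
    '192.0.2.13 - - [01/Jan/2002:00:00:03 +0000] "GET /example/ieedit.stm?p=notes HTTP/1.0" 200 512',
    '192.0.2.14 - - [01/Jan/2002:00:00:04 +0000] "GET /index.htm?p=../ HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, uri in scan(SAMPLE_LOG):
        print(f"{client} requested {uri}")
```

Matching after repeated decoding and slash normalisation matters because a filter that only looks for the literal string `../` misses the encoded variants in the second and third sample lines.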