The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote malicious users to execute commands via shell metacharacters.
source: www.securityfocus.com/bid/1002/info
The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid command-line program with administrator privileges. This allows the attacker to read, mo ...
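For log review, the following added example (not part of the original advisory or of Sambar) flags requests to batch files under cgi-bin and marks those whose decoded query string carries command-interpreter metacharacters. It assumes Common Log Format access logs; the sample lines, addresses and the PLACEHOLDER token are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: Common Log Format, with the request in the quoted field.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Batch programs served from cgi-bin; Windows file names are case-insensitive.
BATCH_CGI_RE = re.compile(r'^/cgi-bin/[^/?]+\.(?:bat|cmd)$', re.IGNORECASE)
# Characters cmd.exe treats as command separators, pipes, redirection or escape.
SHELL_META = set('&|<>^')

def classify(line):
    """Return 'ignore', 'batch-cgi' or 'batch-cgi+metachar' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return "ignore"
    parts = urlsplit(m.group(1))
    # Decode before matching so %2E / %26 style encoding does not hide anything.
    if not BATCH_CGI_RE.match(unquote(parts.path)):
        return "ignore"
    if SHELL_META & set(unquote(parts.query)):
        return "batch-cgi+metachar"
    return "batch-cgi"

def scan(lines):
    """Return (verdict, line) pairs for every request that touches a batch CGI."""
    results = [(classify(line), line) for line in lines]
    return [(verdict, line) for verdict, line in results if verdict != "ignore"]

# Constructed sample log lines (documentation address ranges, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2000:10:00:05 +0000] "GET /cgi-bin/hello.bat HTTP/1.0" 200 64',
    '198.51.100.7 - - [01/Jan/2000:10:00:09 +0000] "GET /cgi-bin/ECHO.BAT?x%26PLACEHOLDER HTTP/1.0" 200 90',
    '198.51.100.7 - - [01/Jan/2000:10:00:12 +0000] "GET /cgi-bin/hello%2Ebat?x|PLACEHOLDER HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_LOG):
        print(f"{verdict:20} {line}")
```

Any "batch-cgi" hit is worth reviewing on its own, since the advisory covers every batch file the server exposes in cgi-bin, not only ECHO.BAT and HELLO.BAT.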