Sambabox
Monthly
Remote code execution in SambaBox 5.1-5.2 allows authenticated administrators to inject and execute arbitrary OS commands through improper input sanitization. Attackers with high-privilege access can achieve full system compromise with confidentiality, integrity, and availability impact. Reported by Turkish national CERT (TR-CERT/USOM), no CISA KEV listing or public exploit code identified at time of analysis, indicating limited observed exploitation activity.
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Remote code execution in SambaBox 5.1-5.2 allows authenticated administrators to inject and execute arbitrary OS commands through improper input sanitization. Attackers with high-privilege access can achieve full system compromise with confidentiality, integrity, and availability impact. Reported by Turkish national CERT (TR-CERT/USOM), no CISA KEV listing or public exploit code identified at time of analysis, indicating limited observed exploitation activity.
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.