The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters.
http://www.securityfocus.com/templates/archive.pike?list=1&msg=38B3E60A.6A84FEC3%40cybcom.net
http://www.securityfocus.com/bid/1002
http://www.sambar.com/session/highlight?url=/syshelp/history.htm&words=security+&color=red