CVE-2004-2086

Sambar Server <6.0 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.

Exploits (3)

metasploit WORKING POC NORMAL

by hdm · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sambar6_search_results.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16756

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by [email protected] · pythondoswindows

https://www.exploit-db.com/exploits/23664

View Code ZIP pw:eip

References (6)

[Exploit, Vendor Advisory] http://securitytracker.com/id?1008979

[Patch, Vendor Advisory] http://www.osvdb.org/5786

[Patch, Vendor Advisory] http://www.sambar.com/security.htm

[Exploit, Vendor Advisory] http://www.securityfocus.com/archive/82/353087

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/9607

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15071

Scores

EPSS 0.6884

EPSS Percentile 98.6%

Classification

Status draft

Affected Products (2)

sambar/sambar_server

Timeline

Published Feb 06, 2004

Tracked Since Feb 18, 2026