17 matches found
OmniHTTPd integer overflow
Integer overflow in Range: header...
Omnicron OmniHTTPd 2.x/3.0 - GET Buffer Overflow
source: https://www.securityfocus.com/bid/10376/info Reportedly OmniHTTPD is affected by a GET request buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string sizes when processing user input. Thi...
Omnicron OmniHTTPd 2.x/3.0 - GET Buffer Overflow
source: https://www.securityfocus.com/bid/10376/info Reportedly OmniHTTPD is affected by a GET request buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string sizes when processing user input. This issue could allow an attacker to execute...
CVE-2002-1035
Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP 1.1 version number...
omnihttpd.txt
A vulnerability exists in the test.php script of OmniHTTPd. The script makes a classic coding error -- trusting unsanitized user input. The query string and cookie values are returned unfiltered. Of most concern, of course, is the query string:...
More OmniHTTPd Problems
I've discovered another vulnerability in one of the OmniHTTPd sample apps. This time, the culprit is "/cgi-bin/redir.exe". This app is vulnerable to a newline injection issue. The vulnerability occurs because the "URL" query parameter (case sensitive) is decoded and placed directly into the respons...
OmniHTTPd 1.1/2.0.x/2.4 - Sample Application URL Encoded Newline HTML Injection
source: https://www.securityfocus.com/bid/5572/info OmniHTTPD is a webserver for Microsoft Windows operating systems. OmniHTTPD supports a number of CGI extensions which provide dynamic content. An HTML injection vulnerability has been reported in the '/cgi-bin/redir.exe' sample CGI included with...
OmniHTTPd test.php Cross-Site Scripting Issue
A vulnerability exists in the test.php script of OmniHTTPd. The script makes a classic coding error -- trusting unsanitized user input. The query string and cookie values are returned unfiltered. Of most concern, of course, is the query string:...
CVE-2001-0778
OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20)...
CVE-2001-0613
Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request...
OmniHTTPd Encoded Space Request Script Source Disclosure
OmniHTTPd is affected by a vulnerability that permits malicious users to get the full source code of scripting files. By appending an ASCII/Unicode space char '%20' to a script's suffix, the web server will no longer interpret it and instead send it back as a simple document in the same manner as...
Omnicron OmniHTTPd 2.0.4-8 - File Source Disclosure
source: https://www.securityfocus.com/bid/2788/info Submitting a specially crafted GET request for a known file (.php, .pl, or .shtml) could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be...
CVE-2001-0113
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script...
CVE-2001-0114
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter...
CVE-2001-0114
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter...
CVE-2001-0113
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script...
Hole in OmniHTTPD
Insufficient validation of user input allows Perl code to be inserted into any file that is open for writing...