84 matches found
CVE-2004-2299
Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header...
CVE-2004-2299
Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header...
OmniHTTPd Pro Long POST Request DoS
The remote host is running OmniHTTPd Pro HTTP Server. The remote version of this software seems to be vulnerable to a buffer overflow when handling specially long POST request. This may allow an attacker to crash the remote service, thus preventing it from answering legitimate client requests. C...
EXP_OmniHTTPd.BAT
EXPOmniHTTPd.BAT @echo off :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :Application: OmniHTTPd :Vendors: http://www.omnicron.ca :Version: 0xE0 f 117 206 41 !JMPESP@w2k e 207 12 45 FA 7F !Shellcode e 20B EB 1B 5B BE 43 6F 6F 6C BF 49 43 45 21 43 39 3B e 21B 75 FB 4B 80 3...
Overflow@OmniHTTPd
EXPOmniHTTPd.BAT @echo off :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :Application: OmniHTTPd :Vendors: http://www.omnicron.ca :Version: =V3.0a :Platforms: Windows :Bug: Overflow :Date: 2004-04-23 :Author: CoolICE :E-mail: CoolICEChina.com...
OmniHTTPd integer overflow
Integer overflow in Range: header...
Omnicron OmniHTTPd 2.x3.0 - GET Buffer Overflow
Omnicron OmniHTTPd 2.x3.0 - GET Buffer Overflow source: https://www.securityfocus.com/bid/10376/info Reportedly OmniHTTPD is affected by a GET request buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string sizes when processing user input. Thi...
Omnicron OmniHTTPd 2.x/3.0 - GET Buffer Overflow
source: https://www.securityfocus.com/bid/10376/info Reportedly OmniHTTPD is affected by a GET request buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string sizes when processing user input. This issue could allow an attacker to execute...
CVE-2002-1455
Multiple cross-site scripting XSS vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via 1 test.php, 2 test.shtml, or 3 redir.exe...
CVE-2002-1035
Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service crash via an HTTP request with a long, malformed HTTP 1version number...
CVE-2002-1035
Omnicron OmniHTTPd 2.09 is affected. A remote attacker can trigger a denial-of-service (crash) by sending an HTTP request with a long, malformed HTTP 1version number. No exploitation details or patches are provided in the supplied documents. The impact is limited to availability (partial), with n...
CVE-2002-1455
CVE-2002-1455 describes multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd that allow remote attackers to inject script or HTML into web pages. Exploitation via (1) test.php, (2) test.shtml, or (3) redir.exe is indicated in the description. The connected documents corroborate the pr...
CVE-2002-1455
Multiple cross-site scripting XSS vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via 1 test.php, 2 test.shtml, or 3 redir.exe...
CVE-2002-1035
Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service crash via an HTTP request with a long, malformed HTTP 1version number...
omnihttpd.txt
A vulnerability exists in the test.php script of OmniHTTPd. The script makes a classic coding error -- trusting unsanitized user input. The query string and cookie values are returned unfiltered. Of most concern, of course, is the query string:...
OmniHTTPd test.shtml Cross-Site Scripting Issue
OmniHTTPd's Test.shtml sample is also vulnerable to a similar issue: http://localhost/test.shtml?3CSCRIPT3Ealertdocument.URL3C2FSCRIPT3E=x Will pop up an alert containing the above URL. Of course, this has other uses cookie theft, faking sources, etc...
OmniHTTPd 1.12.0.x2.4 - Sample Application URL Encoded Newline HTML Injection
OmniHTTPd 1.12.0.x2.4 - Sample Application URL Encoded Newline HTML Injection source: https://www.securityfocus.com/bid/5572/info OmniHTTPD is a webserver for Microsoft Windows operating systems. OmniHTTPD supports a number of CGI extensions which provide dynamic content. A HTML injection...
Multiple bugs in OmniHTTPD
Crossite scripting, information spoofing...
More OmniHTTPd Problems
I've discovered another vulnerability in one of the OmniHTTPd sample apps. This time, the culprit is "/cgi-bin/redir.exe". This app is vulnerable to a newline injection issue. The vulnerability occurs because the "URL" query parameter case sensitive is decoded and placed directly into the respons...
OmniHTTPd test.php Cross-Site Scripting Issue
A vulnerability exists in the test.php script of OmniHTTPd. The script makes a classic coding error -- trusting unsanitized user input. The query string and cookie values are returned unfiltered. Of most concern, of course, is the query string:...