84 matches found
Дырки в OmniHTTPD (DoS, source disclosure)
С помощью спецлиально сконструированной URL можно получить код скриптов...
Omnicron OmniHTTPd 2.0.4-8 - File Source Disclosure
Omnicron OmniHTTPd 2.0.4-8 - File Source Disclosure source: https://www.securityfocus.com/bid/2788/info Submitting a specially crafted GET request for a known file .php, .pl, or .shtml, could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be...
Omnicron OmniHTTPd 2.0.4-8 - File Source Disclosure
source: https://www.securityfocus.com/bid/2788/info Submitting a specially crafted GET request for a known file .php, .pl, or .shtml, could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be appended with the Unicode equivalent of a space...
OmniHTTPd Pro Denial of Service Vulnerability
Strumpf Noir Society Advisories ! Public release ! -- -= OmniHTTPd Pro Denial of Service Vulnerability =- Release date: Tuesday, May 15, 2001 Introduction: OmniHTTPd Pro is a powerful all-purpose industry compliant web server built specifically for the Windows 9x and NT platforms. OmniHTTPd Pro c...
CVE-2001-0114
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter...
CVE-2001-0113
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script...
CVE-2001-0114
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter...
CVE-2001-0113
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script...
CVE-2001-0114
The CVE-2001-0114 issue affects OmniHTTPd 2.07; a vulnerability in statsconfig.pl allows remote attackers to overwrite arbitrary files via the cgidir parameter. This is a file-overwrite risk that can enable partial confidentiality impact and potential further abuse, depending on the target enviro...
CVE-2001-0113
CVE-2001-0113 : In OmniHTTPd 2.07, statsconfig.pl can be abused by a crafted mostbrowsers parameter to execute arbitrary commands because its value is incorporated into a generated Perl script. This is the core vulnerability described in the CVE. The connected documents confirm the affected produ...
Vulnerabilities in OmniHTTPd default installation
Vulnerabilities in OmniHTTPd default installation Overview Two vulnerabilities exist within the 'statsconfig.pl' script that comes with OmniHTTPd v2.07 and is installed by default. The first allows a remote attacker to corrupt any file in the system. The second allows arbitrary code to be inserte...
Дырка в OmniHTTPD
Недостаточная проверка ввода пользователя позволяет вставить perl-код в любой файл открытый на запись...
CVE-1999-0970
The CVE-1999-0970 entry concerns OmniHTTPd’s visadmin.exe CGI. A remote attacker can cause a denial of service by sending a malformed URL that results in a large number of temporary files being created, potentially exhausting disk space and impacting the web server. No explicit remediation steps ...
CVE-1999-0970
The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created...
CVE-1999-0951
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands...
CVE-1999-0951
Vulnerability summary (CVE-1999-0951) : The OmniHTTPd CGI program imagemap.exe is affected by a remote buffer overflow in its /cgi-bin/imagemap.exe CGI. This can allow a remote attacker to execute arbitrary commands with the web server’s privileges (typically nobody or root). The issue is exploit...
CVE-1999-0951
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands...
Omnicron OmniHTTPd 1.12.4 Pro - Remote Buffer Overflow
Omnicron OmniHTTPd 1.12.4 Pro - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/739/info There is a remotely exploitable buffer overflow vulnerability in the CGI program "imagemap", which is distributed with Omnicron's OmniHTTPD. During operations made on arguments passed to t...
Omnicron OmniHTTPd 1.1/2.4 Pro - Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/739/info There is a remotely exploitable buffer overflow vulnerability in the CGI program "imagemap", which is distributed with Omnicron's OmniHTTPD. During operations made on arguments passed to the program, a lack of bounds checking on a strcpy call...
OmniHTTPd imagemap.exe CGI Remote Overflow
The 'imagemap.exe' cgi is installed. This CGI is vulnerable to a buffer overflow that will allow a remote user to execute arbitrary commands with the privileges of your httpd server either nobody or root. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...