Date: Sat, 5 Jun 1999 09:53:51 +0300
From: Valentin Perelogin <viktor@PARNU.EE>
To: BUGTRAQ@netspace.org
Subject: Remote Exploit (Bug) in OmniHTTPd Web Server

Hi all,
The exploit (bug) will make temp files on the server until servers hdd
is full.
And anyone can do it remotely.
By default visadmin.exe (Visitor Administrator) is in cgi-bin directory.

What you need to do, is to type this url:
http://omni.server/cgi-bin/visadmin.exe?user=guest
Thats all. Now in some minutes is servers hdd full!!

Fix: Remove visadmin.exe from cgi-bin directory.

Valentin Perelőgin