COMMAND

    OmniHTTPd

SYSTEMS AFFECTED

    OmniHTTPd Web Server

PROBLEM

    Valentin Perelogin found following.   The exploit (bug) will  make
    temp files on the  server until servers hdd  is full.  And  anyone
    can   do   it   remotely.    By   default   visadmin.exe  (Visitor
    Administrator) is in cgi-bin directory.   What you need to do,  is
    to type this url:

         http://omni.server/cgi-bin/visadmin.exe?user=guest

    Thats all.  Now in some minutes is servers hdd full!!

SOLUTION

    Remove visadmin.exe from cgi-bin directory.