CVE-2001-0028

oops_proxy_server 1.5.2 - Remote Code Execution via HTML Parser Quotation Character Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-0028. PoCs published by CyRaX, diman.

AI-analyzed exploit summary This exploit targets a heap-based buffer overflow in Oops Proxy Server v1.4.22 and prior. It leverages a crafted FTP response to overflow the heap, overwrite the __free_hook, and execute arbitrary shellcode, resulting in remote code execution.

Description

Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.

Exploits (2)

exploitdb WORKING POC VERIFIED
by CyRaX · cremoteunix
https://www.exploit-db.com/exploits/20495

This exploit targets a heap-based buffer overflow in Oops Proxy Server v1.4.22 and prior. It leverages a crafted FTP response to overflow the heap, overwrite the __free_hook, and execute arbitrary shellcode, resulting in remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Oops Proxy Server v1.4.22 and prior
No auth needed
Prerequisites: Network access to the vulnerable Oops Proxy Server · Ability to send crafted FTP responses to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by diman · cremotelinux
https://www.exploit-db.com/exploits/20496

This exploit targets a buffer overflow vulnerability in Oops proxy server 1.4.6, allowing remote code execution via crafted HTTP requests with excessive quotation marks or long hostnames. The shellcode performs a reverse shell connection and includes techniques to handle offset variations.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Oops proxy server 1.4.6
No auth needed
Prerequisites: Network access to the target Oops proxy server · Target running on FreeBSD 4.0-4.2
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2099
Patch, Vendor Advisory vendor-advisory x_refsource_freebsd
http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5725

Scores

EPSS 0.0714
EPSS Percentile 93.5%

Details

Status published
Products (1)
igor_khasilev/oops_proxy_server 1.4.22
Published Feb 12, 2001
Tracked Since Feb 18, 2026