CVE-2005-1666

orenosv_http_ftp_server < 0.8.1 - Authenticated Buffer Overflow via Long FTP Command Arguments

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1666. PoCs published by Samsta, Tan Chew Keong.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Orenosv HTTP/FTP Server 0.8.1 by sending an overly long filename via the MKD FTP command. It requires authentication and may lead to remote code execution or denial of service.

Description

Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Samsta · perldoswindows
https://www.exploit-db.com/exploits/25629

This exploit targets a buffer overflow vulnerability in Orenosv HTTP/FTP Server 0.8.1 by sending an overly long filename via the MKD FTP command. It requires authentication and may lead to remote code execution or denial of service.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Orenosv HTTP/FTP Server 0.8.1
Auth required
Prerequisites: Network access to the FTP server · Valid FTP credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Tan Chew Keong · textdoswindows
https://www.exploit-db.com/exploits/25631

The exploit describes a buffer overflow vulnerability in Orenosv HTTP/FTP server's 'cgissi.exe' when handling excessive SSI command names. The provided example shows a basic SSI command with a long string of 'a' characters, but lacks executable code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Orenosv HTTP/FTP Server 0.8.1
No auth needed
Prerequisites: Network access to the vulnerable server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/16165
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013923
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/16166
Exploit, Vendor Advisory x_refsource_misc
http://www.securiteam.com/windowsntfocus/5FP0H00FPS.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20510
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13546
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13549
Exploit, Vendor Advisory x_refsource_misc
http://www.security.org.sg/vuln/orenosv081.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/0499
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20512
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15302

Scores

EPSS 0.0997
EPSS Percentile 95.0%

Details

Status published
Products (1)
orenosv/orenosv_http_ftp_server < 0.8.1
Published May 18, 2005
Tracked Since Feb 18, 2026