VULHUB ™

The whois_raw.cgi perl script included in all freeware versions of the cdomain package allows remote attacker to view/retrieve any system files, such as /etc/passwd, and to execute commands. Exploit descriptions included. No fix available (unless you buy the latest commercial version).

The whois_raw.cgi perl script included in all freeware versions of the cdomain package allows remote attacker to view/retrieve any system files, such as /etc/passwd, and to execute commands. Exploit descriptions included. No fix available (unless you buy the latest commercial version).