CGI

Some improperly written CGI (Web Common Gateway Interface) programs are vulnerable to intruders. Often, a regular search engine may be used to locate these. Of particular concern to Unix users is phf, which was shipped with early NCSA httpd servers. This gateway program allows arbitrary commands (such as cat /etc/passwd) to be appended after a query term and executed by the httpd UID.

Other suspected exploits involve:

See also CERT* Advisory CA-97.25.CGI_metachar for a general description of the problem.
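A defensive pattern for the problem described above, as an added example that is not part of the original page or of any NCSA httpd code: a CGI lookup gateway in C that accepts only an allowlisted query term and runs its helper without a shell, so nothing appended to the term is interpreted as a command. LOOKUP_PROG (/bin/echo here), is_safe_term and run_lookup are hypothetical names, and treating the whole QUERY_STRING as the term is a simplification.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define LOOKUP_PROG "/bin/echo" /* assumption: stand-in for the real lookup tool */

/* Allowlist: reject anything outside a known-safe set instead of escaping. */
int is_safe_term(const char *s)
{
    size_t n = strlen(s);
    /* a leading '-' would be read as an option by the helper program */
    if (n == 0 || n > 64 || s[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-') return 0;
    }
    return 1;
}

/* Pass the term as one argv entry; no shell (popen/system) ever parses it.
 * Returns the child's exit status, or -1 if the term is rejected or on error. */
int run_lookup(const char *term)
{
    if (!is_safe_term(term)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)LOOKUP_PROG, (char *)term, NULL };
        char *const envp[] = { (char *)"PATH=/usr/bin:/bin", NULL };
        execve(LOOKUP_PROG, argv, envp); /* fixed path, minimal environment */
        _exit(127);                      /* only reached if execve failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *q = getenv("QUERY_STRING"); /* simplification: whole string is the term */
    printf("Content-type: text/plain\r\n\r\n");
    fflush(stdout); /* flush before fork so the header is not written twice */
    if (q == NULL || run_lookup(q) != 0) puts("invalid query");
    return 0;
}
```

Rejecting by allowlist rather than stripping known-bad characters means a metacharacter the author forgot about is refused by default instead of passed through.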
