| VID |
21206 |
| Severity |
40 |
| Port |
80, ¡¦ |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The "plusmail" CGI is installed. PowerScripts PlusMail is a graphical user interface for web site administration.
The password file in PlusMail is set with improper permissions, allowing a remote attacker to change the password. An attacker can then use PlusMail to modify and execute arbitrary commands on the system.
* References:
http://www.iss.net/security_center/static/4396.php
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-01-8&msg=20000111214313.24266.qmail@securityfocus.com |
| Recommendation |
No remedy available as of June 2014. Remove it from /cgi-bin. |
| Related URL |
CVE-2000-0074 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
