The original (MSA) FormMail script is vulnerable to an exploit that allowed for commands to be issued with the privileges of the web server process. This vulnerability is commonly exploited by spammers to send bulk e-mail, and can also lead to compromise of the host. http://www.securityfocus.com/corporate/research/ top10attacks_q1_2002.shtml For folks interested in achieving this functionality through cgi-Perl, there is an improved version of FormMail by the London Perl Mongers http://nms-cgi.sourceforge.net/ -- David On Feb 3, 2004, at 12:30 AM, John C Bullas wrote: > Colleagues > > As neither a user of cgi-bins (I rename them) nor formmail (I use > BFormMail) > these don't worry me.. should they if I had got formmail in a cgi-bin? > > what could this (virus driven?) exploit do? > > FB > > >> Tue Feb 3 2004 7:23:30 am GMT >> >> 184.108.40.206 tried to load www.imm2004.org/cgi-bin/FormMail.cgi >> >> User Agent = >> >> Referring URL: >> >> http://www.imm2004.org/ > > -- > * * Please support the community that supports you. * * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester and > archives of thelist go to: http://lists.evolt.org Workers of the Web, > evolt !