Multiple Perl scripts from alkalay.net contain remote command execution or arbitrary file retrieval vulnerabilities.
man-cgi (Command Execution)
notify (Command Execution)
nslookup.cgi (Command Execution)
contribute.cgi/contribute.pl (File Retrieval)
Various Perl scripts on alkalay.net act on unsafe data from the client, which can allow command execution on the web server or retrieval of arbitrary files from the web server (both as the web server user).
Note that these programs do not appear to have been maintained for some time, and the author did not respond to contact attempts. These vulnerabilities were found while doing research for OSVDB-19515, OSVDB-19516 and OSVDB-19517 (man2web command execution).
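An added example, not code from the alkalay.net scripts or from this advisory: one way a Perl CGI script could validate the `topic`, `query`, `from` and `template` parameters before acting on them, and run an external program without a shell. The allowlist patterns, the `.tmpl` suffix, the helper names and the sample values are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;

# Assumed allowlists, one anchored pattern per parameter named in the advisory.
# A leading alphanumeric also keeps a value from being read as an option.
my %ALLOW = (
    topic => qr/\A[A-Za-z0-9][A-Za-z0-9._+-]{0,63}\z/,                # man page name
    query => qr/\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?\z/, # host name or IPv4
    from  => qr/\A[A-Za-z0-9][A-Za-z0-9._+-]{0,63}\@[A-Za-z0-9][A-Za-z0-9.-]{0,252}\z/,
);

# Return the value when it matches its allowlist, otherwise undef.
sub checked_param {
    my ($name, $value) = @_;
    return undef unless defined $value && exists $ALLOW{$name};
    return undef unless $value =~ $ALLOW{$name};
    return $value;
}

# Resolve a template name inside $base_dir; undef if the name is malformed,
# the file is missing, or it resolves (after symlinks) outside the directory.
sub checked_template {
    my ($base_dir, $name) = @_;
    return undef unless defined $name && $name =~ /\A[A-Za-z0-9_-]{1,64}\.tmpl\z/;
    my $base = abs_path($base_dir);
    return undef unless defined $base;
    my $path = abs_path(File::Spec->catfile($base, $name));
    return undef unless defined $path && index($path, "$base/") == 0 && -f $path;
    return $path;
}

# Run a program with no shell: list-form pipe open passes each argument as-is.
sub run_no_shell {
    my @cmd = @_;
    open(my $fh, '-|', @cmd) or return undef;
    local $/;
    my $out = <$fh>;
    close $fh;
    return $out;
}

# Constructed sample values: one accepted and one rejected per check.
for my $case (['topic', 'perlsec'], ['topic', '-k x'], ['query', 'example.org'],
              ['query', 'a b'], ['from', 'user@example.org'], ['from', 'user']) {
    my ($name, $value) = @$case;
    printf "%-5s %-18s %s\n", $name, "'$value'",
        defined(checked_param($name, $value)) ? 'accepted' : 'rejected';
}
print "template '../x.tmpl' ", (defined(checked_template('.', '../x.tmpl')) ? 'accepted' : 'rejected'), "\n";
# /bin/echo stands in for the real program so the example runs anywhere.
print run_no_shell('/bin/echo', 'man', '--', checked_param('topic', 'perlsec')) // '';
```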
None at this time.
Avi Alkalay was notified on 09/12/2005 but did not respond.
Updated information can be found on OSVDB.org under the following entries:
| OSVDB-19519 | Avi Alkalay man-cgi topic Variable Arbitrary Command Execution |
| OSVDB-19520 | Avi Alkalay nslookup.cgi query Variable Arbitrary Command Execution |
| OSVDB-19521 | Avi Alkalay notify from Variable Arbitrary Command Execution |
| OSVDB-19522 | Avi Alkalay contribute.cgi/contribute.pl template Variable Arbitrary File Retrieval |