FormMail remote execution

Risk Level: High

Check or Attack Name: FormMailExec

Platforms: FormMail, Common Gateway Interface (CGI)

Description:

The FormMail CGI program contains a vulnerability that allows a remote attacker to execute arbitrary commands on a victim's server. This vulnerability is present in version 1.0 of the FormMail program by Matt Wright.

Remedy:

Disable access to the FormMail script until you can upgrade to the latest version.

References:

FormMail at Matt's Script Archive Web Site, FormMail Information, http://worldwidemart.com/scripts/formmail.shtml

WWW-Security Mailing List, SECURITY HOLE: FormMail, http://www-ns.rutgers.edu/www-security/archives/0810.html

