Textcounter CGI program allows remote command execution

Risk Level: High

Check or Attack Name: CGI Textcounter

Platforms: Common Gateway Interface (CGI)

Description:

Textcounter is a popular tool for adding "hit counters" to web pages. A vulnerability exists in some versions of this program that allows remote attackers to execute arbitrary commands on the hosting server with the privileges of the server process.

Remedy:

Users of the Perl version should upgrade to at least 1.2.1, and users of the C++ version should upgrade to at least 1.3.1 to fix this security problem.

References:

BUGTRAQ Mailing List, textcounter.pl SECURITY HOLE, http://www.netspace.org/cgi-bin/wa?A2=ind9806D&L=bugtraq&P=R755

Matt's Script Archive, Textcounter, http://www.worldwidemart.com/scripts/textcounter.shtml

