Auction Weaver
--------------

CVE Number: 
CAN-2000-0810, CAN-2000-0811

Details:
The auctionweaver.pl cgi script was found on the system. This is a part of
Auction Weaver Lite. It allows for remote file viewing of any world readable
file in the target system. It also allows for arbitrary commands to be 
executed.

Fix:
It is recommended that the file be removed from the system, or that Auction
Weaver be upgraded to version 1.05 or higher.

Related URLs:
http://archives.neohapsis.com/archives/bugtraq/2000-08/0310.html
http://archives.neohapsis.com/archives/bugtraq/2000-08/0370.html
http://www.cgiscriptcenter.com/awl/

$Id: auction,v 1.1 2000/11/06 15:34:06 loveless Exp $
