The 'listrec.pl' cgi is installed. This CGI has a security flaw that lets an attacker execute arbitrary commands on the remote server, usually with the privileges of the web server.
Remove it from /cgi-bin/common/.
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- Apache Tomcat AJP Protocol Security Bypass Vulnerability
- Admbook PHP Code Injection Flaw
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- aflog Cookie-Based Authentication Bypass Vulnerability