source: http://www.securityfocus.com/bid/564/info The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a remote compromise of the system running Dragon-Fire. Via the web interface for Dragon-Fire inside the IPONE field type your desired command prefaced with a | an example could be: |echo 'uname -a' The output of the command will then be displayed in the right hand window of the IDS WWW interface.
Related ExploitsTrying to match CVEs (1): CVE-1999-0913
Trying to match OSVDBs (1): 47
Other Possible E-DB Search Terms: Network Security Wizards Dragon-Fire IDS 1.0, Network Security Wizards Dragon-Fire IDS