Well as some of you may know there is a remote exploit doing the rounds for cpanel5
sicne there is a new form for web security i thought it would fit right in here . The bug lies in the guestbook and is easyily highjackable with a browser and there is proof of concept code been released but i will not post it or link to it i will give you an example of the webbrowser way to take advantage of it :NOTE i will change a few things in the URL so people wont go around copy pasteing it here is the example


now that is easily took advantage of and the proof of concept code spawns a bash shell
well i have been looking around http://www.cpanel.net
and to my msfortune couldnt find a link to a patch and i cant even provide a patch because i dont use cpanel5 and probably never will so my advice the now is to not let unotorized users acess cgi-sys