Well as some of you may know there is a remote exploit doing the rounds for cpanel5
sicne there is a new form for web security i thought it would fit right in here . The bug lies in the guestbook and is easyily highjackable with a browser and there is proof of concept code been released but i will not post it or link to it i will give you an example of the webbrowser way to take advantage of it :NOTE i will change a few things in the URL so people wont go around copy pasteing it here is the example

.ww.victim.com/cgi-sys/guestbook.cgi?luser=meh&template=|id.|

now that is easily took advantage of and the proof of concept code spawns a bash shell
well i have been looking around http://www.cpanel.net
and to my msfortune couldnt find a link to a patch and i cant even provide a patch because i dont use cpanel5 and probably never will so my advice the now is to not let unotorized users acess cgi-sys