source: wwwsecurityfocuscom/bid/564/info
The Dragon-Fire IDS remote web interface under version 10 has an insecure CGI script which allows for users to remotely execute commands as the user nobody This could lead to a remote compromise of the system running Dragon-Fire
Via the web interface for Dragon-Fire inside the IPONE field type ...