Hello!
I know nothing about CGI-scanner, but the fact 1) there is a script called test, active in the cgi-bin is a security treat, 2) it prints out var listings of the system, their is no reason you should willingfully give any infomartion about your system to possiable crackers. A CGI-Scanner can be found at www.rootshell.com under "Exploits" and "Jun 99".
It's a good thing to test your own server. But of course this script doesn't know _all_ CGIs with security bugs, so it only can give you more security, but not a perfect one. Jan -- +-------------------+--------------------------------------------------------+ | Jan Theofel | rst Unternehmensberatungs- und Handelsgesellschaft mbH | | Webadministrator | Bahnhofstrasse 35, 71272 Renningen | | | Tel.: 07159/800-450 Fax: 07159/800-451 | +-------------------+--------------------------------------------------------+