The 'PGPMail.pl' CGI is installed. Some versions (up to v1.31 a least) of this CGI do not properly filter user input before using it inside commands. This would allow a cracker to run any command on your server. *** Note: OVS just checked the presence of this CGI *** but did not try to exploit the flaws.

remove it from /cgi-bin or upgrade it. Reference : http://online.securityfocus.com/archive/82/243262 Reference : http://online.securityfocus.com/archive/1/243408