phf CGI program allows remote command execution through shell metacharacters.

AUSCERT:AA-96.01 | BID:629 | URL:http://www.securityfocus.com/bid/629 | BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole family | CERT:CA-1996-06 | URL:http://www.cert.org/advisories/CA-1996-06.html | OSVDB:136 | URL:http://www.osvdb.org/136 | XF:http-cgi-phf