The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote malicious users to execute arbitrary commands via the python-fu-eval command.
gimp gimp