LPAR2RRD 3.5 and earlier allows remote malicious users to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.
xorux lpar2rrd