James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL.
https://launchpad.net/bugs/cve/2009-1254
https://launchpad.net/bugs/314591
http://www.vupen.com/english/advisories/2009/0972
http://www.securityfocus.com/bid/34418
http://www.debian.org/security/2009/dsa-1764