Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.
http://www.securityfocus.com/bid/1187
http://www.perfectotech.com/blackwatchlabs/vul5_10.html
http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html