The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.
https://exchange.xforce.ibmcloud.com/vulnerabilities/5103
http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html