kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6112
http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html