Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter.
http://www.securityfocus.com/bid/3485
http://www.securityfocus.com/bid/3483
http://www.iss.net/security_center/static/7435.php