wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog.
http://www.securityfocus.com/bid/4384
http://www.securityfocus.com/bid/4383
http://www.iss.net/security_center/static/8660.php
http://www.bireme.br/security.htm
http://online.securityfocus.com/archive/1/265456
http://online.securityfocus.com/archive/1/264682
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0077.html