Perlbot 1.9.2 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $text variable in SpelCheck.pm or (2) the $filename variable in HTMLPlog.pm.
http://www.securityfocus.com/bid/6009
http://www.securityfocus.com/bid/6008
http://www.iss.net/security_center/static/10404.php