Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.
https://exchange.xforce.ibmcloud.com/vulnerabilities/11427
http://www.securityfocus.com/bid/6968