Sendform.cgi v1.4.4 and below has a directory traversal vulnerability which allows remote attackers to read any file with the privileges of the web server. Fix available here. Bugtraq ID 5286.
694cdf39c7befd0a99c544d8c6c02d17f57020d35701886d6ec90789a6b1f585
If X11forwarding is turned on, and remote xauth is patched, sshing into a compromised server can allow programs to be run on under your ssh client. This is turned on by default in ssh1, ssh2, and openssh.
083e386a21e2ee341ea8c6922e55896cde8a2b905b0e442bf586d17e95bf58d8