esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.
IBM OmniFind suffers from cross site scripting, cross site request forgery, buffer overflow, session fixation and privilege escalation vulnerabilities. Various other issues also exist.