adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function.