dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters.