For web servers, one of the big security problems for quite a few years has been SQL injection attacks. We solved those quickly, right? Right? Anyone?
So, for Unix-based boxes, script injection attacks will be solved just as quickly. Sigh.
Both work the same way - stuff that should not be trusted is blindly stuffed into command strings, and the command strings are then parsed and run with whatever privileges they "need". Its just plain a bad idea.
Do Windows servers have similar problems, or does Microsoft shipping huge binary blobs actually help with this?