CVE-2006-0225
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
Date published : 2006-01-25
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html