jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
https://exchange.xforce.ibmcloud.com/vulnerabilities/87011
http://www.securitytracker.com/id/1029016
http://www.exploit-db.com/exploits/29544
http://secunia.com/advisories/54731
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10560