SynCE Command Injection



newsbot
08-01-2008, 01:47 PM
SynCE (http://www.synce.org/) is "an open source project, whose objective is to provide a way of communicating with a Windows CE or Pocket PC device, from a computer running Linux, *BSD or other unices". A vulnerability in SynCE allows attackers to inject arbitrary commands. This is due to the vdccm daemon not properly sanitizing certain input before using it to invoke external scripts. This can be exploited to execute arbitrary commands with the privileges of the vdccm daemon by sending specially crafted requests.

http://www.securiteam.com/windowsntfocus/5JP022AN5Q.html
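
The following is an added example, not part of the original post and not SynCE's code. It shows one way a daemon can pass an untrusted, device-supplied string to an external script without a shell ever parsing it. The names `field_is_safe` and `run_hook`, the allowlist, and the script argument layout are assumptions made for illustration.

```c
#include <spawn.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>

extern char **environ;

/* Generic risky pattern this replaces (illustrative, not SynCE source):
 *   snprintf(cmd, sizeof cmd, "%s %s", script, device_name);
 *   system(cmd);   // the shell interprets ; | ` $( ) in device_name
 */

/* Allowlist check for an untrusted field: 1..64 characters from
 * [A-Za-z0-9._-], not starting with '-' (avoids option injection). */
int field_is_safe(const char *s)
{
    size_t n;

    if (s == NULL || s[0] == '\0' || s[0] == '-')
        return 0;
    n = strlen(s);
    if (n > 64)
        return 0;
    return strspn(s, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                     "0123456789._-") == n;
}

/* Run `script action device_name` with no shell involved.
 * `script` and `action` come from the daemon's own configuration;
 * `device_name` is untrusted. Returns the script's exit status,
 * or -1 if the field is rejected or the spawn/wait fails. */
int run_hook(const char *script, const char *action, const char *device_name)
{
    pid_t pid;
    int status;
    char *argv[4];

    if (!field_is_safe(device_name))
        return -1;

    argv[0] = (char *)script;
    argv[1] = (char *)action;
    argv[2] = (char *)device_name;
    argv[3] = NULL;

    /* posix_spawn hands argv to the program as-is; nothing is re-parsed. */
    if (posix_spawn(&pid, script, NULL, NULL, argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The allowlist and the argv-based spawn are independent layers: even if a field slipped past validation, it would reach the script as a single literal argument rather than as shell syntax.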