It's possible to queue code execution by connecting directly to pbs_mom port. Shell characters vulnerability.
vulners.com/securityvulns/securityvulns:doc:29943
vulners.com/securityvulns/securityvulns:doc:29996