FreeBSD 58997463-E012-11DD-A765-0030843D3802
Nov 22, 2008 - 12:00 a.m.

verlihub -- insecure temporary file usage and arbitrary command execution

2008-11-22 00:00:00
vuxml.freebsd.org

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.012
Percentile: 85.6%

securityfocus reports:

An attacker with local access could potentially exploit this issue
to perform symbolic-link attacks, overwriting arbitrary files in the
context of the affected application.
Successfully mounting a symlink attack may allow the attacker to
delete or corrupt sensitive files, which may result in a denial of
service. Other attacks may also be possible.

Verlihub is prone to a remote command-execution vulnerability
because it fails to sufficiently validate user input.
Successfully exploiting this issue would allow an attacker to
execute arbitrary commands on an affected computer in the context of
the affected application.

OS       Version  Architecture  Package   Version            Filename
FreeBSD  any      noarch        verlihub  < 0.9.8.d.r2_2,1   UNKNOWN
