After seeing a tweet about a command-line buffer overflow in the Nagios plugins, I took a look myself. It seems there are probably a bunch of them.

http://packetstormsecurity.org/files/108160

uttwer@b0rk:~/test/nagios-plugins-1.4.15/plugins$ grep strcpy *.c |grep -v \"
check_dns.c: strcpy(adrp, addresses[i]);
check_dns.c: strcpy (query_address, optarg);
check_dns.c: strcpy (dns_server, optarg);
check_dns.c: strcpy (ptr_server, optarg);
check_dns.c: strcpy (query_address, argv[c++]);
check_dns.c: strcpy (dns_server, argv[c++]);
check_hpjd.c: strcpy (errmsg, input_buffer);
check_hpjd.c: strcpy (display_message, temp_buffer + 1);
check_http.c: strcpy (newpath + 1, path);
check_http.c: strcpy (url, HTTP_URL);
check_http.c: strcpy (url, HTTP_URL);
check_http.c: strcpy (type, server_type);
check_http.c: strcpy (addr, host_name ? host_name : server_address);
check_http.c: strcpy (server_type, type);
check_nagios.c: strcpy(procprog, temp_string);
check_pgsql.c: else /* we know length, and know optarg is terminated, so us strcpy */
check_pgsql.c: strcpy (dbName, optarg);
check_procs.c: strcpy(procprog, base_name(procprog));
check_snmp.c: strcpy(&state_string[current_length],temp_string);
check_ups.c: strcpy (temp_buffer, recv_buffer);
popen.c: strcpy (cmd, cmdstring);

The grep only lists strcpy calls whose line contains no double quote, so these are candidates rather than confirmed overflows. Each one still has to be checked against the size of its destination buffer and any length test that precedes the copy (the check_pgsql.c comment, for example, says the length is already known at that point).