The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
phf CGI program allows remote command execution through shell metacharacters.
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.