Remote Desktop version 0.9.4 Android suffers from local command injection and cross site request forgery vulnerabilities.