Tor had a vulnerability in the control port. This was fixed with the release of the 0.1.2.16 (notes).
Looking at a diff of the versions and the somewhat vague description of the problem, it was pretty obvious what the problem was and how simple an exploit could be. Tor was allowing multiple attempts at authentication so a web page could submit a form post with any desired commands.
Now that the details of the attack have been released, here is a simple proof of concept of Tor control port pwnage.
This issue was first raised in August 2006 on the or-talk mailing list. So in the end, it only took about a year for it to be addressed.