Here's a complete list of such functions which are needed to be stopped from being executed within any website on your web hosting server:

apache_child_terminate, 
apache_setenv, 
define_syslog_variables, 
escapeshellarg, 
escapeshellcmd, 
eval, 
exec, 
fp, 
fput, 
ftp_connect, 
ftp_exec, 
ftp_get, 
ftp_login, 
ftp_nb_fput, 
ftp_put, 
ftp_raw, 
ftp_rawlist, 
highlight_file, 
ini_alter, 
ini_get_all, 
ini_restore, 
inject_code, 
mysql_pconnect, 
openlog, 
passthru, 
php_uname, 
phpAds_remoteInfo, 
phpAds_XmlRpc, 
phpAds_xmlrpcDecode, 
phpAds_xmlrpcEncode, 
popen, 
posix_getpwuid, 
posix_kill, 
posix_mkfifo, 
posix_setpgid, 
posix_setsid, 
posix_setuid, 
posix_setuid, 
posix_uname, 
proc_close, 
proc_get_status, 
proc_nice, 
proc_open, 
proc_terminate, 
shell_exec, 
syslog, 
system, 
xmlrpc_entity_decode