Xymon versions prior to 4.3.12 with the xymond_rrd module enabled suffer from a file deletion vulnerability.
05961b9deef0e4629fab271ff5bc660e184d958c0772a463c88ba29fff50ab45
All versions under the 4.2 release of Hobbit prior to 2006-Jun-30 suffer from a flaw where the logfetch utility can be used to read any file on the filesystem.
337360288f55afa7c676f60c1cb2467173030b6f20a3ccbf046e251a50a5a76f