XCMS versions 1.82 and below suffer from local file inclusion and code execution via upload vulnerabilities.
86df86ac97dad0a6d1e88591700429ef56074e58587bf7643c6ef071b64d928d
DeluxeBB versions 1.09 and below remote change exploit that manipulates user or administrative e-mail addresses.
5da43e9f15ffbc70123fadf0e8612e483a9df4701240901e0af770b647d0ad26