Sports Clubs Web Panel 0.0.1 - Path Traversal via Index.php p Parameter
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
EZWebAlbum 1.0 - Unauthenticated Authentication Bypass via photoalbumadmin Cookie
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.