filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter.
Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered.